The offline process

Procedure
  1. Begin by doing one of the following:
    1. To edit one or more existing ACLs, use copy command-output tftp to copy the current version of the ACL configuration to a file in your TFTP server. For example, to copy the ACL configuration to a file named acl-001.txt in the TFTP directory on a server at FE80::2a1:200:

      Switch# copy command-output 'show access-list config' tftp fe80::2a1:200 acl-001.txt pc

    2. To create a new ACL, open a text (.txt) file in the appropriate directory on a TFTP server accessible to the switch.
  2. Use a text editor to create or edit the ACLs in the *.txt ASCII file format.
  3. If you are replacing an ACL on the switch with a new ACL that uses the same number or name syntax, begin the command file with a no ip access-list command to remove the earlier version of the ACL from the switch's running-config file. Otherwise, the switch will append the new ACEs in the ACL you download to the existing ACL. For example, if you planned to use the copy command to replace an ACL named "List-120", you would place this command at the beginning of the edited file:

      no ipv6 access-list List-120

     An offline ACL file designed to replace an existing ACL:

      no ipv6 access-list List-120
      ipv6 access-list "List-120"
        10 remark "THIS ACE ALLOWS TELNET"
        10 permit tcp fe80::17/128 ::/0 eq 23
        20 deny ipv6 fe80::123/128 fe80::/125 log
        30 deny ipv6 fe80::255/128 fe80::/125 log
        40 remark "THIS IS THE FINAL ACE IN THE LIST"
        40 permit ipv6 ::/0 ::/0
        exit

     This file removes an existing ACL and replaces it with a new version with the same identifier. To append new ACEs to an existing ACL instead of replacing it, you would omit the first line and ensure that the sequence numbering for the new ACEs begins with a number greater than the highest number in the existing list.

  4. Use copy tftp command-file to download the file as a list of commands to the switch.
    1. You would create a .txt file.
    2. After you copy the above .txt file to the TFTP server at FE80::1ad:17, you would then execute the following command:

      copy tftp command-file fe80::1ad:17 acl-001.txt pc

       In this example, the CLI would show output similar to the following to indicate that the ACL was successfully downloaded to the switch.
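
Added example (not part of the vendor procedure, and not the CLI output mentioned above): a pre-download check, in Python, that compares an edited command file with the ACL configuration saved in step 1. It flags the mistakes this procedure warns about: a replacement file that lacks the leading no line, and appended ACEs whose sequence numbers are not above the existing maximum. The function names, the intent argument, and both sample inputs are constructed for illustration, and the parser assumes only the ACL line forms shown on this page.

```python
import re

# ACL context lines in the forms this page shows: [no] ipv6 access-list "List-120"
HEADER = re.compile(r'^\s*(no\s+)?ip(?:v6)?\s+access-list\s+"?([^"\s]+)"?', re.I)
ACE = re.compile(r'^\s*(\d+)\s+(?:permit|deny)\b', re.I)

def parse(text):
    """Return {acl_name: (removed_first, [ACE sequence numbers])}."""
    removed, acls, current = set(), {}, None
    for line in text.splitlines():
        head, ace = HEADER.match(line), ACE.match(line)
        if head and head.group(1):            # "no ... access-list NAME"
            removed.add(head.group(2))
        elif head:                            # entering an ACL context
            current = head.group(2)
            acls.setdefault(current, (current in removed, []))
        elif ace and current:
            acls[current][1].append(int(ace.group(1)))
        elif line.strip().lower() == "exit":
            current = None
    return acls

def check(command_file, switch_config, intent):
    """intent is 'replace' or 'append' (hypothetical argument); returns problems."""
    on_switch, problems = parse(switch_config), []
    for name, (removed_first, seqs) in parse(command_file).items():
        if name not in on_switch:
            continue                          # new ACL, nothing to collide with
        highest = max(on_switch[name][1], default=0)
        if intent == "replace" and not removed_first:
            problems.append(f"{name}: no leading 'no' line, ACEs would be appended")
        if intent == "append" and removed_first:
            problems.append(f"{name}: 'no' line would delete the existing list")
        if intent == "append" and min(seqs, default=highest + 1) <= highest:
            problems.append(f"{name}: sequence numbers must start above {highest}")
    return problems

# Constructed sample inputs (not captured from a real switch).
ON_SWITCH = '''ipv6 access-list "List-120"
   10 permit ipv6 ::/0 ::/0
   exit
'''
EDITED = '''ipv6 access-list "List-120"
   10 deny ipv6 fe80::123/128 fe80::/125 log
   20 permit ipv6 ::/0 ::/0
   exit
'''

if __name__ == "__main__":
    print(check(EDITED, ON_SWITCH, "replace"))
```

With the sample inputs, the unintended append would leave the existing permit-all ACE in the list, which is the outcome the leading no line is there to prevent.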