General editing rules

The CLI provides the capability for editing in the switch by using sequence numbers to insert or delete individual ACEs. An offline method is also available. This section describes using the CLI for editing ACLs. You can use the CLI to delete individual ACEs from anywhere in an ACL, append new ACEs to the end of an ACL, and insert new ACEs anywhere within an ACL.

  • When you enter a new ACE in an ACL without specifying a sequence number, the switch inserts the ACE as the last entry in the ACL.

  • When you enter a new ACE in an ACL and include a sequence number, the switch inserts the ACE according to the position of the sequence number in the current list of ACEs.

  • You can delete an ACE by using the ipv6 access-list identifier command to enter the ACL's context, and then no seq-#

  • Deleting the last ACE from an ACL leaves the ACL in the configuration as an "empty"ACL placeholder that cannot perform any filtering tasks. (In any ACL, the implicit deny does not apply unless the ACL includes at least one explicit ACE.