The section titled Editing an existing ACL describes how to use the CLI to edit an ACL, and is most applicable in cases where the ACL is short or there is only a minor editing task to perform. The offline method provides an alternative to using the CLI for creating or extensively editing a large ACL. This section describes how to:
For longer ACLs that may be difficult or time-consuming to accurately create or edit in the CLI, you can use the offline method described in this section.
NOTE: The
- Begin by doing one of the following:
  - To edit one or more existing ACLs, use copy command-output tftp to copy the current version of the ACL configuration to a file in your TFTP server. For example, to copy the ACL configuration to a file named acl-02.txt in the TFTP directory on a server at 10.28.227.2:
  - To create a new ACL, just open a text (.txt) file in the appropriate directory on a TFTP server accessible to the switch.
- Use a text editor to create or edit the ACL(s) in the *.txt ASCII file format. If you are replacing an ACL on the switch with a new ACL that uses the same number or name syntax, begin the command file with a no ip access-list command to remove the earlier version of the ACL from the switch running-config file. Otherwise, the switch will append the new ACEs in the ACL you download to the existing ACL. For example, if you planned to use the copy command to replace ACL "List-120", place this command at the beginning of the edited file:
- Use copy tftp command-file to download the file as a list of commands to the switch.
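The append behavior described above is easy to miss in a long file, so the following pre-download check flags any ACL that is redefined without an earlier no ip access-list line. It is an added example, not part of the original documentation; the function name, the standard/extended header layout, and the sample file contents are assumptions constructed for illustration.

```python
import re

# Assumed header layout: [no] ip access-list <standard|extended> <name-or-number>.
# Only "no ip access-list" itself appears on the page; adjust for your switch.
HEADER = re.compile(
    r'^\s*(no\s+)?ip\s+access-list\s+(standard|extended)\s+"?([^"\s]+)"?\s*$',
    re.IGNORECASE)

def check_command_file(text, existing_acls):
    """Lint an offline ACL command file before downloading it to the switch.

    existing_acls: ACL identifiers already present in the running-config.
    Returns a list of (line_number, acl_id, message) findings.
    """
    removed, defined, findings = set(), set(), []
    for num, line in enumerate(text.splitlines(), start=1):
        m = HEADER.match(line)
        if not m:
            continue  # ACE lines, "exit" and blank lines are not inspected
        is_removal, acl_id = bool(m.group(1)), m.group(3)
        if is_removal:
            if acl_id in defined:
                findings.append((num, acl_id,
                    "removal follows the definition and would delete the new ACL"))
            removed.add(acl_id)
        else:
            if (acl_id in existing_acls and acl_id not in removed
                    and acl_id not in defined):
                findings.append((num, acl_id,
                    "no earlier 'no ip access-list'; ACEs would be appended"))
            defined.add(acl_id)
    return findings

# Constructed sample files; the ACE lines are placeholders.
GOOD = '''no ip access-list extended "List-120"
ip access-list extended "List-120"
permit ip 10.0.0.0 0.0.0.255 any
deny ip any any
exit
'''
BAD = GOOD.split("\n", 1)[1]  # same file without the leading removal line

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_command_file(text, {"List-120"}))
```

The set passed as existing_acls can be built from the file saved in the first step, so only ACLs that are actually on the switch trigger the append warning.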