Access List Entry Sequence Numbering
You can change the sequence numbers of rules in an access list.
Note: Re-sequencing an ACL attached to a management interface clears the ACL counters associated with it.
 
#configure terminal
Enter configure mode.
(config)#ip access-list icmp-acl-01
Enter access list mode for ACL icmp-acl-01.
(config-ip-acl)#resequence 100 200
Re-sequence the access list, starting with sequence number 100 and incrementing by 200.
(config-ip-acl)#1000 deny icmp 1.1.1.2/24 2.2.2.2/24 dscp af11
Re-sequence specific access rule 100 to sequence number 1000.
(config-ip-acl)#exit
Exit access list mode.
(config)#commit
Commit the candidate configuration to the running configuration.
Validation
Before re-sequencing:
#show access-lists icmp-acl-01
IP access list icmp-acl-01
10 deny icmp 1.1.1.2/24 2.2.2.2/24 dscp af11 log
20 permit icmp 1.1.1.1/24 2.2.2.2/24 precedence flash
default deny-all
After re-sequencing the access list, starting with sequence number 100 and incrementing by 200:
#show access-lists icmp-acl-01
IP access list icmp-acl-01
100 deny icmp 1.1.1.2/24 2.2.2.2/24 dscp af11 log
300 permit icmp 1.1.1.1/24 2.2.2.2/24 precedence flash
default deny-all
After re-sequencing specific access rule 100 to sequence number 1000:
#show access-lists icmp-acl-01
IP access list icmp-acl-01
300 permit icmp 1.1.1.1/24 2.2.2.2/24 precedence flash
1000 deny icmp 1.1.1.2/24 2.2.2.2/24 dscp af11 log
default deny-all
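The following is an added example, not part of the OcNOS documentation: a Python change-review check that parses the `show access-lists` outputs above, models `resequence 100 200`, and flags rule pairs whose relative order changed. It assumes rules are evaluated in ascending sequence-number order and that rule bodies within an ACL are unique; the function names are hypothetical.

```python
import re

# Matches "<seq> permit|deny ..." lines in 'show access-lists' output.
RULE = re.compile(r"^\s*(\d+)\s+((?:permit|deny)\s.+?)\s*$")

# Outputs copied from the Validation section above.
BEFORE = """IP access list icmp-acl-01
10 deny icmp 1.1.1.2/24 2.2.2.2/24 dscp af11 log
20 permit icmp 1.1.1.1/24 2.2.2.2/24 precedence flash
default deny-all"""
AFTER_RESEQ = """IP access list icmp-acl-01
100 deny icmp 1.1.1.2/24 2.2.2.2/24 dscp af11 log
300 permit icmp 1.1.1.1/24 2.2.2.2/24 precedence flash
default deny-all"""
AFTER_MOVE = """IP access list icmp-acl-01
300 permit icmp 1.1.1.1/24 2.2.2.2/24 precedence flash
1000 deny icmp 1.1.1.2/24 2.2.2.2/24 dscp af11 log
default deny-all"""

def parse_acl(show_output):
    """Return [(seq, rule_text)] sorted by sequence number."""
    rules = []
    for line in show_output.splitlines():
        m = RULE.match(line)
        if m:
            rules.append((int(m.group(1)), " ".join(m.group(2).split())))
    return sorted(rules)

def resequence(rules, start, step):
    """Model 'resequence <start> <step>': renumber, keeping existing order."""
    return [(start + i * step, text) for i, (_, text) in enumerate(rules)]

def order_changes(before, after):
    """Return (missing, added, inversions) between two parsed ACLs.
    An inversion is a pair (x, y) where x preceded y before but follows it after.
    Assumes rule bodies are unique within the ACL."""
    b = [t for _, t in before]
    a = [t for _, t in after]
    pos = {t: i for i, t in enumerate(a)}
    common = [t for t in b if t in pos]
    inversions = [(x, y) for i, x in enumerate(common)
                  for y in common[i + 1:] if pos[x] > pos[y]]
    return [t for t in b if t not in pos], [t for t in a if t not in b], inversions

if __name__ == "__main__":
    before = parse_acl(BEFORE)
    print(resequence(before, 100, 200))
    print(order_changes(before, parse_acl(AFTER_MOVE)))
```

A bulk `resequence` yields no inversions, while moving rule 100 to 1000 reports the deny rule now following the permit rule, which is the case worth reviewing before `commit`.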
Last modified date: 10/19/2023