Access Security Guide K/KA/KB.15.15

Insert an ACE anywhere in a named ACL by specifying a sequence number. For
example, if you wanted to insert a new ACE as line 15 between lines 10 and 20
in an existing ACL named "List-2" to deny IPv4 traffic from the device at
10.10.10.77:
HP Switch(config)# ip access-list standard List-2
HP Switch(config-std-nacl)# 15 deny host 10.10.10.77
Numbered IPv4 ACLs
Add an ACE to the end of a numbered ACL by using the
access-list < 1 - 99 | 100 - 199 >
command.
For example, if you wanted to add a "permit" ACE at the end of a list identified
with the number "11" to allow IPv4 traffic from the device at 10.10.10.100:
HP Switch(config)# access-list 11 permit host 10.10.10.100
To insert an ACE anywhere in a numbered ACL, use the same process as described
above for inserting an ACE anywhere in a named ACL. For example, to insert an
ACE denying IPv4 traffic from the host at 10.10.10.77 as line 52 in an existing
ACL identified (named) with the number 11:
HP Switch(config)# ip access-list standard 11
HP Switch(config-std-nacl)# 52 deny host 10.10.10.77
Duplicate ACEs are not allowed in the same ACL. Attempting to enter a duplicate ACE displays
the Duplicate access control entry message.
NOTE: After a numbered ACL has been created (using access-list 1-99 | 100-199), it can be
managed as either a named or numbered ACL.
Deleting an ACE
Enter the ACL context and delete the sequence number for the unwanted ACE.
(To view the sequence numbers of the ACEs in a list, use show access-list < acl-name-str > config.)
Duplicating an ACE
Duplicate ACEs are not allowed in the same ACL. Attempting to enter a duplicate ACE displays
the Duplicate access control entry message.
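The editing rules above (append, insert by sequence number, delete by sequence number, duplicate rejection), modelled in Python as an added example that is not part of the HP guide. It assumes first-match evaluation with an implicit deny, a default sequence step of 10, and constructed contents for List-2; the class and function names are hypothetical.

```python
import ipaddress

class DuplicateACE(ValueError):
    pass

def _net(src):
    """'any', 'host A.B.C.D' or 'A.B.C.D/len' -> ip_network."""
    if src == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if src.startswith("host "):
        return ipaddress.ip_network(src[5:] + "/32")
    return ipaddress.ip_network(src, strict=False)

class StandardACL:
    def __init__(self):
        self.aces = {}                       # seq -> (action, source network)

    def add(self, action, src, seq=None):
        ace = (action, _net(src))
        if ace in self.aces.values():
            raise DuplicateACE("Duplicate access control entry")
        if seq is None:                      # append; step of 10 is an assumption
            seq = max(self.aces, default=0) + 10
        elif seq in self.aces:               # model choice: refuse to overwrite
            raise ValueError(f"sequence {seq} already in use")
        self.aces[seq] = ace
        return seq

    def delete(self, seq):
        del self.aces[seq]

    def decide(self, ip):
        """Return (action, seq) of the first matching ACE, lowest sequence first."""
        addr = ipaddress.ip_address(ip)
        for seq in sorted(self.aces):
            action, net = self.aces[seq]
            if addr in net:
                return action, seq
        return "deny", None                  # assumed implicit deny at end of list

def demo():
    acl = StandardACL()                      # constructed contents for List-2
    acl.add("permit", "10.10.20.0/24")       # becomes line 10
    acl.add("permit", "10.10.10.0/24")       # becomes line 20
    appended = acl.add("deny", "host 10.10.10.77")   # appended after the permit
    shadowed = acl.decide("10.10.10.77")     # the broader permit at 20 matches first
    acl.delete(appended)
    acl.add("deny", "host 10.10.10.77", seq=15)      # the insert at line 15
    return appended, shadowed, acl.decide("10.10.10.77")
```

Appending the deny leaves it shadowed by the broader permit at line 20, which is why the insert at line 15 is needed for the deny to take effect.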
Creating or editing an ACL offline
The section titled “Editing an existing ACL” (page 319) describes how to use the CLI to edit an ACL,
and is most applicable in cases where the ACL is short or there is only a minor editing task to
284 IPv4 Access Control Lists (ACLs)