Inserting an ace in an existing acl, Inserting an ace in an existing acl -65 – HP 6200YL User Manual

IPv6 Access Control Lists (ACLs)

Editing an Existing ACL

To continue from figure 8-17 and append a final ACE to the end of the ACL:

ProCurve(config-ipv6-acl)# deny ipv6 2001:db8:0:5ad::/64 any

ProCurve (config-ipv6-acl)# permit ipv6 any any

ProCurve(config-ipv6-acl)# show run

. . .

ipv6 access-list "My-list"

ACE appended as line 70, below.

Appended as line 80, below.

10 permit ipv6 2001:db8:0:5ad::25/128 ::/0

20 permit ipv6 2001:db8:0:5ad::111/128 ::/0

30 permit icmp 2001:db8:0:5ad::115/128 ::/0

40 permit icmp 2001:db8:0:5ad::/64 ::/0

50 permit 50 2001:db8:0:5ad::19/128 ::/0

60 permit ipv6 ::/0 2001:db8:0:5ad::1/128

70 deny ipv6 2001:db8:0:5ad::/64 ::/0

80 permit ipv6 ::/0 ::/0

exit

Line 70

Line 80

Figure 8-18. Example of Appending an ACE to an Existing List

Inserting an ACE in an Existing ACL

This action uses a sequence number to specify where to insert a new ACE into
an existing sequence of ACEs in an ACL.

Syntax: <1-2147483647> < permit | deny > < ipv6-ACE-criteria >

Used in the context of a given ACL, this command inserts an
ACE into the ACL.
<1-2147483647>: The range of valid sequence numbers for an
ACL.
< ipv6-ACE-criteria >: The various traffic selection options
described earlier in this chapter.

Note: Entering an ACE that would result in an out-of-range

sequence number is not allowed. Use the resequence
command to free up ACE numbering availability in the
ACL. Refer to “Resequencing the ACEs in an IPv6 ACL”
on page 8-68.

(For details on these options, refer to “Command Summary for
Configuring ACLs” on page 8-7.)

Examples of Inserting a New ACE in an Existing ACL.

From the

global configuration context, insert a new ACE with a sequence number of 45
between the ACEs numbered 40 and 50 in figure 8-18.

8-65