replace

Use this command to replace an access list entry with a remark, permit or deny entry.

Syntax

Standard IP Access List:

replace entry {remark “text” | {permit | deny} {source source-wildcard | any | host ip-address}} [log | log-verbose]

Extended IP Access List:

replace entry {remark “text”| {permit | deny} protocol {source source-wildcard | any | host ip-address} {destination destination-wildcard | any | host ip-address} [log | log-verbose] [dscp dscp-code | precedence precedence | tos tos]}

Parameters

`entry`	Specify the entry to be replaced with the rule defined by this command.
remark `text`	Specify a text remark that will replace the specified entry. Valid values: Up to 64 characters within double quotes (“”).
deny \| permit `protocol`	Specifies a deny or permits entry for this replacement entry. For protocol details see permit or deny.
`source`	Specifies the IP address or range of a network or host from which the packet will be sent.
`source-wildcard`	Specifies the bits to ignore in the source address.
`destination`	Specifies the IP address or range of a network or host to which the packet will be sent.
`destination-wildcard`	Specifies the bits to ignore in the destination address.
any	Specifies that any source or destination (extended access list only) address applies to this rule entry.
host `ip-address`	Specifies a specific host address that will be applied to this rule entry.
log `\|` log-verbose	(Optional) Enable syslog for ACL entry hits. log enables standard syslog messaging on an access list rule hit and log-verbose enables a detailed level syslog messaging on an access list rule hit.
dscp `dscp-code`	(Optional) Specifies a diffserve code point number of name. Valid values are 0 - 63, or be, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, af44, ef
precedence `precedence`	(Optional) Specifies the IP precedence number or an IP precedence name. Valid values are 0 - 7, or in order from high to low: critical, flash, flash-override, immediate, internet, network, priority, routine.
tos `tos`	(Optional) Specifies the IP Type of Service number or name. Valid values are 0 - 15, or max-reliability, max-throughput, min-delay, min-monetary-cost, normal.

Defaults

If remark is not specified, no remark is configured.
If log or log-verbose are not specified, logging is not enabled.
If dscp is not specified, a diffserve-code is not associated with this access list.
If precedence is not specified, a precedence is not associated with this access list.
If tos is not specified, a ToS is not associated with this access list.

Mode

Configuration command, standard or extended access list configuration.

Usage

ACL logging is throttled to 1 log message per second. If there are multiple ACL rules with logging enabled (log or log-verbose), and more then one frame is transmitted per second that can hit those rules, only the first frame will generate a message. Logging is sampling and does not report every time that a rule with logging enabled is hit.

Example

This example replaces entry 1 of access list 10 with a permit any source address :

System(rw-config)->ip access-list standard 10
System(rw-cfg-std-acl)->replace 1 permit any
System(rw-cfg-std-acl)->

Published May 2016prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback