replace

Use this command to replace an access list entry with a remark, permit or deny entry.

Syntax

Standard IP Access List:
replace entry {remark “text” | {permit | deny} {source source-wildcard | any | host ip-address}} [log | log-verbose]
Extended IP Access List:
replace entry {remark “text” | {permit | deny} protocol {source source-wildcard | any | host ip-address} {destination destination-wildcard | any | host ip-address} [log | log-verbose] [dscp dscp-code | precedence precedence | tos tos]}

Parameters

entry Specify the entry to be replaced with the rule defined by this command.
remark text Specify a text remark that will replace the specified entry. Valid values: Up to 64 characters within double quotes (“”).
deny | permit protocol Specifies a deny or permit entry for this replacement entry. For protocol details see permit or deny.
source Specifies the IP address or range of a network or host from which the packet will be sent.
source-wildcard Specifies the bits to ignore in the source address.
destination Specifies the IP address or range of a network or host to which the packet will be sent.
destination-wildcard Specifies the bits to ignore in the destination address.
any Specifies that any source or destination (extended access list only) address applies to this rule entry.
host ip-address Specifies a specific host address that will be applied to this rule entry.
log | log-verbose (Optional) Enables syslog for ACL entry hits. log enables standard syslog messaging on an access list rule hit and log-verbose enables detailed syslog messaging on an access list rule hit.
dscp dscp-code (Optional) Specifies a DiffServ code point number or name. Valid values are 0 - 63, or be, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, af44, ef.
precedence precedence (Optional) Specifies the IP precedence number or an IP precedence name. Valid values are 0 - 7, or in order from high to low: critical, flash, flash-override, immediate, internet, network, priority, routine.
tos tos (Optional) Specifies the IP Type of Service number or name. Valid values are 0 - 15, or max-reliability, max-throughput, min-delay, min-monetary-cost, normal.

Defaults

  • If remark is not specified, no remark is configured.
  • If neither log nor log-verbose is specified, logging is not enabled.
  • If dscp is not specified, a DiffServ code point is not associated with this access list.
  • If precedence is not specified, a precedence is not associated with this access list.
  • If tos is not specified, a ToS is not associated with this access list.

Mode

Configuration command, standard or extended access list configuration.

Usage

ACL logging is throttled to 1 log message per second. If there are multiple ACL rules with logging enabled (log or log-verbose), and more than one frame is transmitted per second that can hit those rules, only the first frame will generate a message. Logging is therefore a sample: it does not report every hit on a rule with logging enabled.
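
The throttling described above, modeled as an added example (not vendor code) to show how far syslog message counts can fall below actual rule hits. It assumes the throttle is shared by all logging rules and reopens one second after the last message; the function names and the hit timestamps are constructed for illustration.

```python
from collections import Counter

THROTTLE_SECONDS = 1.0  # from the Usage text: 1 log message per second


def simulate_acl_logging(hits, interval=THROTTLE_SECONDS):
    """Return the subset of hits that would produce a syslog message.

    hits: iterable of (timestamp_seconds, rule_entry) for rules that have
    log or log-verbose enabled. Assumption: one throttle is shared by all
    logging rules and reopens `interval` seconds after the last message.
    """
    logged = []
    last_emit = None
    for ts, entry in sorted(hits):
        if last_emit is None or ts - last_emit >= interval:
            logged.append((ts, entry))
            last_emit = ts
    return logged


def coverage(hits, logged):
    """Per-entry (hits, logged) counts, to compare syslog with reality."""
    hit_counts = Counter(entry for _, entry in hits)
    log_counts = Counter(entry for _, entry in logged)
    return {e: (hit_counts[e], log_counts.get(e, 0)) for e in sorted(hit_counts)}


# Constructed sample traffic: (time in seconds, ACL entry number matched).
SAMPLE_HITS = [
    (0.00, 1), (0.20, 2), (0.90, 1),
    (1.00, 1), (1.40, 2),
    (2.50, 2), (2.60, 1), (3.49, 1),
    (3.50, 1),
]

if __name__ == "__main__":
    logged = simulate_acl_logging(SAMPLE_HITS)
    for entry, (n_hits, n_logged) in coverage(SAMPLE_HITS, logged).items():
        print(f"entry {entry}: {n_hits} hits, {n_logged} syslog messages")
```

In this sample entry 2 is hit three times but appears in syslog once, so message counts should not be read as hit counts when reviewing ACL activity.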

Example

This example replaces entry 1 of access list 10 with a rule that permits any source address:

System(rw-config)->ip access-list standard 10
System(rw-cfg-std-acl)->replace 1 permit any
System(rw-cfg-std-acl)->