An ACL rule or range of rules can be replaced by a specified permit, deny, or remark using the replace command.
The following example displays an extended ACL 121 and replaces entry 1 with a deny rule for source IP address 10.0.0.1 and destination IP address any:
System(rw-config)->ip access-list extended 121 System(rw-cfg-ext-acl)->show access-lists 121 Extended IP access list 121 (5 entries) 1 deny ip 20.0.0.1 0.0.255.255 any 2 deny ip 30.0.0.1 0.0.255.255 any 3 deny ip 40.0.0.1 0.0.255.255 any 4 permit ip any any -- implicit deny all -- System(rw-cfg-ext-acl)->replace 1 deny ip 10.0.0.1 0.0.255.255 any System(rw-cfg-ext-acl)->show access-lists 121 Extended IP access list 121 (5 entries) 1 deny ip 10.0.0.1 0.0.255.255 any 2 deny ip 30.0.0.1 0.0.255.255 any 3 deny ip 40.0.0.1 0.0.255.255 any 4 permit ip any any -- implicit deny all --
This example replaces entry 1 of IPv6 access list acl10 with a permit any source address :
System(rw-config)->ipv6 access-list standard acl10 System(rw-cfg-ipv6-std-acl)->replace 1 permit any System(rw-cfg-ipv6-std-acl)->
This example replaces the current entry at sequence 17 with the remark “I am a remark entry at sequence number 17” in the L2 ACL list1:
System(rw-config)->l2 access-list list1 System(rw-cfg-l2-acl)->replace 17 remark “I am a remark entry at sequence number 17”