Replacing an ACL Rule

An ACL rule or range of rules can be replaced by a specified permit, deny, or remark using the replace command.

The following example displays extended ACL 121 and replaces entry 1 with a deny rule for source IP address 10.0.0.1 (wildcard mask 0.0.255.255) and destination IP address any:

System(rw-config)->ip access-list extended 121
System(rw-cfg-ext-acl)->show access-lists 121
Extended IP access list 121 (5 entries)
  1 deny   ip  20.0.0.1  0.0.255.255  any
  2 deny   ip  30.0.0.1  0.0.255.255  any
  3 deny   ip  40.0.0.1  0.0.255.255  any
  4 permit ip  any  any
  -- implicit deny all --
System(rw-cfg-ext-acl)->replace 1 deny ip 10.0.0.1 0.0.255.255 any
System(rw-cfg-ext-acl)->show access-lists 121
Extended IP access list 121 (5 entries)
  1 deny   ip  10.0.0.1  0.0.255.255  any
  2 deny   ip  30.0.0.1  0.0.255.255  any
  3 deny   ip  40.0.0.1  0.0.255.255  any
  4 permit ip  any  any
  -- implicit deny all --
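
Replacing an entry removes the old rule as well as adding the new one, so it is worth checking which sources change verdict. The following Python sketch is an added example, not part of the original documentation: it evaluates the two listings of ACL 121 above against constructed probe addresses. It assumes first-match evaluation ending in the implicit deny, and wildcard-mask semantics in which mask bits set to 1 are ignored; the function names are hypothetical.

```python
import ipaddress

FULL = 0xFFFFFFFF

def parse_rule(line):
    """Parse '<seq> <action> ip <src> [<wildcard>] any' as printed by show access-lists.
    The destination is 'any' in every entry of the listing, so it is not modelled."""
    tok = line.split()
    seq, action = int(tok[0]), tok[1]
    if tok[3] == "any":
        return seq, action, 0, FULL            # every source matches
    src = int(ipaddress.IPv4Address(tok[3]))
    wild = int(ipaddress.IPv4Address(tok[4]))
    return seq, action, src, wild

def evaluate(rules, source):
    """Return (action, sequence) of the first matching entry (assumed first-match)."""
    addr = int(ipaddress.IPv4Address(source))
    for seq, action, src, wild in sorted(rules):
        care = ~wild & FULL                    # bits that must be equal
        if addr & care == src & care:
            return action, seq
    return "deny", None                        # -- implicit deny all --

def replace(rules, new_line):
    """Model 'replace <seq> ...': swap the entry holding that sequence number."""
    new = parse_rule(new_line)
    return [new if r[0] == new[0] else r for r in rules]

def changed_verdicts(before, after, probes):
    """Map each probe whose verdict differs to its (before, after) results."""
    return {p: (evaluate(before, p), evaluate(after, p))
            for p in probes if evaluate(before, p) != evaluate(after, p)}

# Entries copied from the first listing of ACL 121 above.
BEFORE = [parse_rule(l) for l in (
    "1 deny   ip  20.0.0.1  0.0.255.255  any",
    "2 deny   ip  30.0.0.1  0.0.255.255  any",
    "3 deny   ip  40.0.0.1  0.0.255.255  any",
    "4 permit ip  any  any",
)]
AFTER = replace(BEFORE, "1 deny ip 10.0.0.1 0.0.255.255 any")

# Constructed probe source addresses, one per range of interest.
PROBES = ["10.0.9.9", "20.0.5.5", "30.0.0.7", "192.0.2.1"]

if __name__ == "__main__":
    for probe, (old, new) in changed_verdicts(BEFORE, AFTER, PROBES).items():
        print(f"{probe}: {old} -> {new}")
```

Under these assumptions, sources in 20.0.x.x, previously denied by entry 1, now fall through to entry 4 and are permitted, while sources in 10.0.x.x become denied.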

This example replaces entry 1 of IPv6 access list acl10 with a rule that permits any source address:

System(rw-config)->ipv6 access-list standard acl10
System(rw-cfg-ipv6-std-acl)->replace 1 permit any
System(rw-cfg-ipv6-std-acl)->

This example replaces the current entry at sequence 17 with the remark “I am a remark entry at sequence number 17” in the L2 ACL list1:

System(rw-config)->l2 access-list list1
System(rw-cfg-l2-acl)->replace 17 remark "I am a remark entry at sequence number 17"