configure policy access-list

configure policy access-list [rule-precedence [list_dot_rule [after member_rule | before member_rule | first | last ] ] ]

Description

Adds rules and configures the rule precedence list for an access-list.

Syntax Description

access-list Configures access-list rule model.
rule-precedence Specifies modifying a rule's precedence in the access-list.
list_dot_rule Specifies the access-list name and rule name in the format list_name.rule_name.
after Moves the rule after an existing entry.
before Moves the rule before an existing entry.
member_rule Specifies the access-list name and rule name in format list_name.rule_name.
first Makes the rule the first.
last Makes the rule the last.

Default

N/A.

Usage Guidelines

An access-list always contains at least one rule and is not active or programmed until it is assigned to a profile. Assigning a different profile ID to an access-list that already has one overwrites the current value. Setting the profile ID to “none” removes the access-list from the active/programmed rules. A profile ID can only be assigned to an access-list, and not per rule, so the list_name must only contain an access-list and not a list_dot_rule value.

Example

The following example places the access-list "ACL1.ace3" before "ACL1.ace1":

# configure policy access-list rule-precedence ACL1.ace3 before ACL1.ace1

History

This command was first available in ExtremeXOS 30.5.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5320, 5420, and 5520 series switches.