For editing ACLs, disables the default restriction on duplicate rules within an ACL. You can then create a duplicate rule at a new sequence before deleting the previous version.
By default, duplicate rules are not allowed within an ACL.
This command is entered in ACL policy mode.
If the only difference between two rules is that one is a deny and the other a hard-drop, they are considered duplicates.
To modify ACL rules, you do not need to first remove ACLs from interfaces. Changes are implemented "on the fly," with no gap in protection.
We recommend that after ACL-editing sessions for which you enabled allow-duplicate-rules, you restore the default setting by entering the no allow-duplicate-rules command.
Entering no allow-duplicate-rules launches a check of all ACLs for duplicate rules. If you did not immediately restore the default setting, and created ACLs with duplicate rules, you will need to delete duplicates before the software accepts no allow-duplicate-rules.
device# show running-config mac access-list extended mac1
mac access-list extended mac1
 seq 10 permit host 0001.0001.0001 any
 seq 20 deny host 0001.0001.0002 any count
 seq 30 hard-drop host 0001.0001.0003 any mirror

device# configure terminal
device(config)# acl-policy
device(config-acl-policy)# allow-duplicate-rules

device(config-acl-policy)# exit
device(config)# mac access-list mac1
device(conf-macl-ext)# seq 11 hard-drop host 0001.0001.0003 any mirror
device(conf-macl-ext)# no seq 30

device(conf-macl-ext)# exit
device(config)# acl-policy
device(config-acl-policy)# no allow-duplicate-rules
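
Before entering no allow-duplicate-rules, a saved copy of the running configuration can be checked offline for leftover duplicates, using the rule above that deny and hard-drop count as the same action. The following is an added example, not vendor code: the function name find_duplicates is hypothetical, the input is assumed to be in the show running-config form shown above, and it assumes that the rest of a rule (options such as count or mirror included) must match exactly for two rules to be duplicates.

```python
import re
from collections import defaultdict

# Constructed sample: mac1 as it would look after "seq 11" was added but
# before "no seq 30" was entered (rules taken from the example on this page).
SAMPLE_CONFIG = """\
mac access-list extended mac1
 seq 10 permit host 0001.0001.0001 any
 seq 11 hard-drop host 0001.0001.0003 any mirror
 seq 20 deny host 0001.0001.0002 any count
 seq 30 hard-drop host 0001.0001.0003 any mirror
"""

# Header pattern modelled on the "mac access-list extended mac1" line above.
ACL_HEADER = re.compile(r"^\S+ access-list (?:extended )?(\S+)$")
RULE = re.compile(r"^seq (\d+) (permit|deny|hard-drop) (.+)$")


def find_duplicates(config_text):
    """Return {acl_name: [[seq, seq, ...], ...]}, one list per duplicate group."""
    seen = defaultdict(lambda: defaultdict(list))
    acl = None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # collapse indentation and spacing
        header = ACL_HEADER.match(line)
        if header:
            acl = header.group(1)
            continue
        rule = RULE.match(line)
        if rule and acl:
            seq, action, rest = rule.groups()
            # deny and hard-drop are treated as the same action.
            if action == "hard-drop":
                action = "deny"
            # Assumption: everything after the action must match exactly.
            seen[acl][(action, rest.lower())].append(int(seq))
    result = {}
    for name, rules in seen.items():
        groups = sorted(sorted(s) for s in rules.values() if len(s) > 1)
        if groups:
            result[name] = groups
    return result


if __name__ == "__main__":
    for name, groups in find_duplicates(SAMPLE_CONFIG).items():
        for seqs in groups:
            print(f"{name}: duplicate rules at seq {seqs}")
```

Any ACL it reports still holds duplicates that must be deleted before the software accepts no allow-duplicate-rules.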