Disabling duplicate-rule check

When editing ACLs, you can disable the default restriction on duplicate rules within an ACL. You can then create a duplicate rule at a new sequence number before deleting the previous version.

Note

We recommend that after ACL-editing sessions for which you disabled the duplicate-rule check, you restore the default setting by entering the no allow-duplicate-rules command.

  1. Enter configure terminal to access global configuration mode.
    device# configure terminal
    
  2. Enter acl-policy to access ACL policy mode.
    device(config)# acl-policy
    
  3. Enter allow-duplicate-rules.
    device(config-acl-policy)# allow-duplicate-rules
    

Example

The following example is a typical editing flow.
  1. Enter the show running-config command to display the rules in the ACL that you need to modify.
    device# show running-config mac access-list extended mac1
    mac access-list extended mac1
     seq 10 permit host 0001.0001.0001 any
     seq 20 deny host 0001.0001.0002 any count
     seq 30 hard-drop host 0001.0001.0003 any mirror
    
  2. Enter the allow-duplicate-rules command.
    device# configure terminal
    device(config)# acl-policy
    device(config-acl-policy)# allow-duplicate-rules
    
  3. In the ACL that you need to modify, create the duplicate rule—specifying the new sequence number—and then delete the old rule.
    device(config-acl-policy)# exit
    device(config)# mac access-list extended mac1
    device(conf-macl-ext)# seq 11 hard-drop host 0001.0001.0003 any mirror
    device(conf-macl-ext)# no seq 30
    
  4. Enter the no allow-duplicate-rules command to restore the default setting.
    device(conf-macl-ext)# exit
    device(config)# acl-policy
    device(config-acl-policy)# no allow-duplicate-rules
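
A post-edit check for the flow above, as an added example that is not part of the original documentation: it scans saved show running-config text for rules that still appear at more than one sequence number in the same ACL, and for a duplicate-rule check that was left disabled. It assumes that two rules are duplicates when everything after the sequence number matches, and that a disabled check appears as an allow-duplicate-rules line under acl-policy in the output; the audit function name and the sample text are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: running-config text captured mid-edit, after "seq 11"
# was added in step 3 but before "no seq 30". The acl-policy block layout
# shown here is an assumption about how the setting is displayed.
SAMPLE_CONFIG = """\
acl-policy
 allow-duplicate-rules
!
mac access-list extended mac1
 seq 10 permit host 0001.0001.0001 any
 seq 11 hard-drop host 0001.0001.0003 any mirror
 seq 20 deny host 0001.0001.0002 any count
 seq 30 hard-drop host 0001.0001.0003 any mirror
!
"""

ACL_HEADER = re.compile(r"^\S+ access-list \S+ (\S+)\s*$")
RULE = re.compile(r"^\s+seq (\d+) (.+?)\s*$")
ALLOW_DUP = re.compile(r"^\s+allow-duplicate-rules\s*$")


def audit(config_text):
    """Return (duplicates, check_disabled).

    duplicates maps ACL name -> {rule body: [sequence numbers]} for every
    rule body that occurs at more than one sequence number in that ACL.
    """
    bodies = defaultdict(lambda: defaultdict(list))
    current_acl = None
    check_disabled = False
    for line in config_text.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            current_acl = header.group(1)
        elif not line.startswith(" "):
            current_acl = None  # an unindented line ends the ACL block
        rule = RULE.match(line)
        if rule and current_acl:
            body = " ".join(rule.group(2).split())  # normalise spacing
            bodies[current_acl][body].append(int(rule.group(1)))
        if ALLOW_DUP.match(line):
            check_disabled = True
    duplicates = {}
    for acl, rules in bodies.items():
        repeated = {b: seqs for b, seqs in rules.items() if len(seqs) > 1}
        if repeated:
            duplicates[acl] = repeated
    return duplicates, check_disabled
```

An empty duplicates result together with check_disabled equal to False indicates that the old rule was deleted and the default setting was restored.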