Disabling conflicting-rule check

When editing ACLs, you can disable the default restriction on conflicting rules within an ACL. You can then create a conflicting rule before deleting the previous version.

Note

We recommend that after an ACL-editing session in which you disabled the conflicting-rule check, you restore the default setting by entering the no allow-conflicting-rules command.

  1. Enter configure terminal to access global configuration mode.
    device# configure terminal
    
  2. Enter acl-policy to access ACL policy mode.
    device(config)# acl-policy
    
  3. Enter allow-conflicting-rules.
    device(config-acl-policy)# allow-conflicting-rules
    

Example

The following example is a typical editing flow.
  1. Enter the show running-config command to display the rules in the ACL that you need to modify.
    device# show running-config mac access-list extended mac1
    mac access-list extended mac1
     seq 10 permit host 0001.0001.0001 any
     seq 20 deny host 0001.0001.0002 any count
     seq 30 hard-drop host 0001.0001.0003 any mirror
    
  2. Enter the allow-conflicting-rules command.
    device# configure terminal
    device(config)# acl-policy
    device(config-acl-policy)# allow-conflicting-rules
    
  3. In the ACL that you need to modify, create the new rule and then delete the old rule.
    device(config-acl-policy)# exit
    device(config)# mac access-list extended mac1
    device(conf-macl-ext)# seq 21 permit host 0001.0001.0002 any count
    device(conf-macl-ext)# no seq 20
    
  4. Enter the no allow-conflicting-rules command to restore the default setting.
    device(conf-macl-ext)# exit
    device(config)# acl-policy
    device(config-acl-policy)# no allow-conflicting-rules
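
The following Python check is an added example, not part of the original documentation or the vendor's tooling. It parses rule lines in the format of the show running-config output above and reports conflicting pairs, so you can confirm that the old rule was removed before restoring the default setting. The function names are hypothetical, and it assumes that two rules conflict when their source and destination are the same but their actions differ; the device's own check may be broader.

```python
import re

# Rule line format taken from the show running-config output on this page:
#   seq <n> <action> <source> <destination> [options]
RULE_RE = re.compile(
    r"^\s*seq\s+(\d+)\s+(permit|deny|hard-drop)\s+"
    r"(any|host\s+\S+)\s+(any|host\s+\S+)(.*)$"
)

def parse_acl(text):
    """Return {seq: (action, source, destination)} for every rule line."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            seq, action, src, dst, _opts = m.groups()
            rules[int(seq)] = (action, " ".join(src.split()), " ".join(dst.split()))
    return rules

def find_conflicts(rules):
    """Assumed definition: same source and destination, different action.
    Returns (lower_seq, higher_seq) pairs in sequence order."""
    seen, conflicts = {}, []
    for seq in sorted(rules):
        action, src, dst = rules[seq]
        for other_seq, other_action in seen.get((src, dst), []):
            if other_action != action:
                conflicts.append((other_seq, seq))
        seen.setdefault((src, dst), []).append((seq, action))
    return conflicts

def after_delete(text, seq):
    """Drop one rule line from the text, mirroring 'no seq <n>'."""
    return "\n".join(l for l in text.splitlines()
                     if not re.match(rf"^\s*seq\s+{seq}\s", l))

# Constructed sample: ACL mac1 from this page, captured in the middle of
# step 3 (seq 21 already created, seq 20 not yet deleted).
MID_EDIT = """\
mac access-list extended mac1
 seq 10 permit host 0001.0001.0001 any
 seq 20 deny host 0001.0001.0002 any count
 seq 21 permit host 0001.0001.0002 any count
 seq 30 hard-drop host 0001.0001.0003 any mirror
"""

if __name__ == "__main__":
    print("mid-edit:", find_conflicts(parse_acl(MID_EDIT)))
    print("after no seq 20:", find_conflicts(parse_acl(after_delete(MID_EDIT, 20))))
```

An empty result after the edit means no pair matching the assumed definition remains in the ACL.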