• You can delete an ACE with the ipv6 access-list <identifier> command to enter
the ACL's context, followed by the command no <seq-#> (see page 89).
• Deleting the last ACE from an ACL leaves the ACL as an "empty" ACL placeholder that cannot
perform any filtering tasks. (In any ACL, implicit deny does not apply unless the ACL
includes at least one explicit ACE. See “Deleting an IPv6 ACL” (page 86)".)
Sequence numbering in ACLs
The ACEs in any ACL are sequentially numbered by 10s. In the default state, the sequence number
of the first ACE in a list is 10 and subsequent ACEs are numbered in increments of 10. The following
show run output shows an ACL named "My-list" using the default numbering scheme:
Example 30 Default sequential numbering for ACEs
ipv6 access-list "My-list"
10 permit ipv6 2001:db8:0:5ad::25/128 ::/0
20 permit ipv6 2001:db8:0:5ad::111/128 ::/0
30 permit icmp 2001:db8:0:5ad::115/128 ::/0 135
40 deny ipv6 2001:db8:0:5ad::/64 ::/0
exit
Append an ACE to the end of the ACL using ipv6 access-list at the global configuration
prompt or by entering the ACL context:
Example 31 Appending a new ACE to the end of an ACL
HP Switch(config)# ipv6 access-list My-list permit esp host
2001:db8:0:5ad::19 any
1
2
HP Switch(Config)# ipv6 access-list My-list
HP Switch(config-ipv6-acl)# permit ipv6 any host 2001:db8:0:5ad::1
1
From the global configuration prompt, appends an ACE to the
end of the ACL named My-list
2
Enters the context of the “My-list”ACL and appends an ACE to
the end of the list
To append a final ACE to the end of the ACL, see Example 31 (page 87).
Editing an existing ACL 87
To Next Page
Loading...
Need help?
General
