取消
显示结果 
搜索替代 
您的意思是: 
cancel
4160
查看次数
0
有帮助
4
回复

思科ASA 如何将新的access list 放置在最前面

linwei22403
Spotlight
Spotlight
access-list dmz-acl extended permit ip any object-group fhw-sie
access-list dmz-acl extended deny ip any host 162.0.215.197
access-list dmz-acl extended permit ip object fhw-Proxy any
access-list dmz-acl extended permit ip object fhw-hoping any
想把第二条移动到第一条的位置 先执行 deny
4 条回复4

wyc_chao
Spotlight
Spotlight
把整个ACCELSS-list 删除了,重新写一下呢

ilay
VIP
VIP
直接no掉第二条,然后通过line number的方式添加到第一行即可
access-list dmz-acl line 1 extended deny ip any host 162.0.215.197
show access-list dmz-acl 查看添加后结果

linwei22403
Spotlight
Spotlight
gengchunlin 发表于 2021-3-8 21:35
直接no掉第二条,然后通过line number的方式添加到第一行即可
access-list dmz-acl line 1 extended deny ...

感谢验证可行,学习到了

YilinChen
Spotlight
Spotlight
show run 是不显示ACL编号的,但实际这个编号在show acl 时会显示,在命令上只要加上编号,就可以插入了;
举例如下:
ciscoasa(config)# access-list demo permit host 192.168.1.1
ciscoasa(config)# access-list demo permit host 192.168.1.2
ciscoasa(config)# access-list demo permit host 192.168.1.3
ciscoasa# show access-list demo
access-list demo; 3 elements; name hash: 0x61985251
access-list demo line 1 standard permit host 192.168.1.1 (hitcnt=0) 0xb94e4b8b
access-list demo line 2 standard permit host 192.168.1.2 (hitcnt=0) 0x9176794b
access-list demo line 3 standard permit host 192.168.1.3 (hitcnt=0) 0x4448b463
ciscoasa(config)# access-list demo line ?
configure mode commands/options:
<1-2147483647> Line-number
ciscoasa(config)# access-list demo line 2 deny host 192.168.1.4
ciscoasa(config)# show access-list demo
access-list demo; 4 elements; name hash: 0x61985251
access-list demo line 1 standard permit host 192.168.1.1 (hitcnt=0) 0xb94e4b8b
access-list demo line 2 standard deny host 192.168.1.4 (hitcnt=0) 0x2cdeb408
access-list demo line 3 standard permit host 192.168.1.2 (hitcnt=0) 0x9176794b
access-list demo line 4 standard permit host 192.168.1.3 (hitcnt=0) 0x4448b463
ciscoasa(config)# show run access-list
access-list demo standard permit host 192.168.1.1
access-list demo standard deny host 192.168.1.4
access-list demo standard permit host 192.168.1.2
access-list demo standard permit host 192.168.1.3
入门指南

使用上面的搜索栏输入关键字、短语或问题,搜索问题的答案。

我们希望您在这里的旅程尽可能顺利,因此这里有一些链接可以帮助您快速熟悉思科社区:









快捷链接