December 2020

545 views, 0 helpful, 4 replies
linwei22403
Beginner

Cisco ASA: how to place a new access list entry at the very top

access-list dmz-acl extended permit ip any object-group fhw-sie
access-list dmz-acl extended deny ip any host 162.0.215.197
access-list dmz-acl extended permit ip object fhw-Proxy any
access-list dmz-acl extended permit ip object fhw-hoping any
I want to move the second entry to the first position so that the deny is executed first.
4 replies
wyc_chao
Beginner

How about deleting the whole access-list and writing it again?
ilay
Rising star

Just "no" the second entry, then add it back at the first line using the line number:
access-list dmz-acl line 1 extended deny ip any host 162.0.215.197
Use show access-list dmz-acl to check the result after adding it.
linwei22403
Beginner

gengchunlin posted on 2021-3-8 21:35
Just "no" the second entry, then add it back at the first line using the line number:
access-list dmz-acl line 1 extended deny ...

Thanks, I verified that this works. Learned something new.
YilinChen
Advocate

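show run does not display the ACL line numbers, but the numbers are actually displayed by show acl; just add the line number to the command and the entry is inserted there.
For example: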
ciscoasa(config)# access-list demo permit host 192.168.1.1
ciscoasa(config)# access-list demo permit host 192.168.1.2
ciscoasa(config)# access-list demo permit host 192.168.1.3
ciscoasa# show access-list demo
access-list demo; 3 elements; name hash: 0x61985251
access-list demo line 1 standard permit host 192.168.1.1 (hitcnt=0) 0xb94e4b8b
access-list demo line 2 standard permit host 192.168.1.2 (hitcnt=0) 0x9176794b
access-list demo line 3 standard permit host 192.168.1.3 (hitcnt=0) 0x4448b463
ciscoasa(config)# access-list demo line ?
configure mode commands/options:
<1-2147483647> Line-number
ciscoasa(config)# access-list demo line 2 deny host 192.168.1.4
ciscoasa(config)# show access-list demo
access-list demo; 4 elements; name hash: 0x61985251
access-list demo line 1 standard permit host 192.168.1.1 (hitcnt=0) 0xb94e4b8b
access-list demo line 2 standard deny host 192.168.1.4 (hitcnt=0) 0x2cdeb408
access-list demo line 3 standard permit host 192.168.1.2 (hitcnt=0) 0x9176794b
access-list demo line 4 standard permit host 192.168.1.3 (hitcnt=0) 0x4448b463
ciscoasa(config)# show run access-list
access-list demo standard permit host 192.168.1.1
access-list demo standard deny host 192.168.1.4
access-list demo standard permit host 192.168.1.2
access-list demo standard permit host 192.168.1.3
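
Added example, not part of the original thread: a Python helper that builds the two commands from the replies above (remove the entry with no, re-add it with line N) for the dmz-acl in the question and simulates the resulting order. The names plan_move and apply_plan are hypothetical, and the simulation assumes only the insert-and-shift behaviour visible in the show access-list output above.

```python
# Added example; plan_move and apply_plan are hypothetical helper names.
# DMZ_ACL is the thread's "show run" form (no line numbers shown).
DMZ_ACL = [
    "access-list dmz-acl extended permit ip any object-group fhw-sie",
    "access-list dmz-acl extended deny ip any host 162.0.215.197",
    "access-list dmz-acl extended permit ip object fhw-Proxy any",
    "access-list dmz-acl extended permit ip object fhw-hoping any",
]


def norm(line):
    """Collapse whitespace so entries compare reliably."""
    return " ".join(line.split())


def plan_move(config, acl, entry, target_line):
    """Return the two CLI commands that move `entry` to 1-based `target_line`."""
    aces = [norm(l) for l in config if l.split()[:2] == ["access-list", acl]]
    entry = norm(entry)
    if entry not in aces:
        raise ValueError("entry not found in ACL " + acl)
    if not 1 <= target_line <= len(aces):
        raise ValueError("target line out of range")
    rest = entry.split(None, 2)[2]  # everything after "access-list NAME"
    return ["no " + entry, f"access-list {acl} line {target_line} {rest}"]


def apply_plan(aces, commands):
    """Simulate the commands on one ACL's ordered entries."""
    aces = [norm(a) for a in aces]
    for cmd in commands:
        words = cmd.split()
        if words[0] == "no":
            aces.remove(norm(" ".join(words[1:])))
        elif len(words) > 3 and words[2] == "line":
            # Inserting at line N pushes the old line N and later entries down.
            ace = " ".join(words[:2] + words[4:])
            aces.insert(int(words[3]) - 1, ace)
        else:
            aces.append(norm(cmd))  # no line number: entry goes to the end
    return aces


if __name__ == "__main__":
    cmds = plan_move(DMZ_ACL, "dmz-acl", DMZ_ACL[1], 1)
    print("\n".join(cmds))
    print("\n".join(apply_plan(DMZ_ACL, cmds)))
```

Comparing the simulated order with show access-list on the device after the change confirms the deny is now evaluated before the permit entries.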