DES-7200 Configuration Guide, Chapter 1: Access Control List Configuration
end
DES-7200(config-ext-nacl)# end
Show
DES-7200# show access-list test-tcp-flag
ip access-lists extended test-tcp-flag
10 permit tcp any any match-all rst
20 deny tcp any any match-all fin
1.8 Configuring ACL Entries by Priority
To express ACE priority, each ACL orders its ACEs by sequence number, using a start number and an increment, as detailed below:
ACEs are sorted in ascending order of sequence number in the chain table.
If no number is specified, numbering begins at the start number and each new ACE takes the previous ACE's number plus the increment.
If a number is specified, the ACE is inserted at its sorted position; the increment ensures that a new ACE can be inserted between two adjacent ACEs.
The ACL specifies the start number and the increment.
The command ip access-list resequence {acl-id | acl-name} sn-start sn-inc is available; see the related command reference for details.
Whenever this command is run, the ACEs under the ACL are re-sorted.
For example, the ACE numbers under the ACL named tst_acl are as follows.
In the beginning:
ace1: 10
ace2: 20
ace3: 30
The ACE numbers are as follows after "ip access-list resequence tst_acl 100 3" is run:
DES-7200(config)# ip access-list resequence tst_acl 100 3
ace1: 100
ace2: 103
ace3: 106
When adding ace4 without entering sn-num, the numbers are as follows:
DES-7200(config-std-nacl)# permit …
ace1: 100
ace2: 103
ace3: 106
ace4: 109
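The numbering rules above, modelled in Python as an added example (not D-Link code or device output). The class Acl, its free_slots helper, the 10/10 default start and increment (chosen to match the initial 10, 20, 30 listing) and the rejection of a duplicate number are assumptions made for illustration. It reproduces the tst_acl sequence and then inserts a numbered ACE to show how few slots an increment of 3 leaves between neighbours.

```python
# Added illustration: a model of the sequence-number scheme, not device firmware.
import bisect

class Acl:
    def __init__(self, name, sn_start=10, sn_inc=10):
        # 10/10 is an assumed default that matches the page's 10, 20, 30 listing.
        self.name, self.sn_start, self.sn_inc = name, sn_start, sn_inc
        self.aces = []  # list of (sequence number, rule text), kept sorted

    def add(self, rule, sn=None):
        """Add an ACE; without sn it takes the previous number plus the increment."""
        if sn is None:
            sn = self.aces[-1][0] + self.sn_inc if self.aces else self.sn_start
        nums = self.numbers()
        i = bisect.bisect_left(nums, sn)
        if i < len(nums) and nums[i] == sn:
            # Assumption: a number already in use is rejected; the page does not say.
            raise ValueError(f"sequence number {sn} already in use")
        self.aces.insert(i, (sn, rule))
        return sn

    def resequence(self, sn_start, sn_inc):
        """Model of 'ip access-list resequence <acl> sn-start sn-inc'."""
        self.sn_start, self.sn_inc = sn_start, sn_inc
        self.aces = [(sn_start + k * sn_inc, rule)
                     for k, (_, rule) in enumerate(self.aces)]

    def free_slots(self):
        """Unused sequence numbers between each adjacent pair of ACEs."""
        return {(a[0], b[0]): b[0] - a[0] - 1
                for a, b in zip(self.aces, self.aces[1:])}

    def numbers(self):
        return [n for n, _ in self.aces]

def demo():
    acl = Acl("tst_acl")
    for rule in ("ace1", "ace2", "ace3"):
        acl.add(rule)            # numbered 10, 20, 30
    acl.resequence(100, 3)       # renumbered 100, 103, 106
    acl.add("ace4")              # no number given: 106 + 3
    acl.add("ace5", sn=101)      # explicit number: lands between ace1 and ace2
    return acl

if __name__ == "__main__":
    acl = demo()
    for sn, rule in acl.aces:
        print(sn, rule)
    print(acl.free_slots())
```

When free_slots reports 0 for the pair where a new ACE must go, running resequence with a larger increment reopens the gap without changing the order in which ACEs are evaluated.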