First, check what ACL-related configuration exists on the device. You can use the following command:

44-SW4#show running-config | section access

ip access-group 100 in

access-list 100 permit eigrp any any

access-list 100 deny   icmp any any

View the details of the ACL, including the ACL type, ACL number, entries, entry sequence numbers, match counts, and so on:

44-SW4#show ip access-lists

Extended IP access list 100

10 permit eigrp any any (24 matches)

20 deny icmp any any

Insert an ACL entry, for example an entry with sequence number 15 between entries 10 and 20, as shown below:

44-SW4#configure terminal

44-SW4(config)#ip access-list extended 100

44-SW4(config-ext-nacl)#15 permit icmp any any

44-SW4(config-ext-nacl)#end

44-SW4#show ip access-lists 100

Extended IP access list 100

10 permit eigrp any any (60 matches)

15 permit icmp any any

20 deny icmp any any

Delete the entry with sequence number 15, as shown below:

44-SW4#configure terminal

44-SW4(config)#ip access-list extended 100

44-SW4(config-ext-nacl)#no 15

44-SW4(config-ext-nacl)#end

44-SW4#show ip access-lists 100

Extended IP access list 100

10 permit eigrp any any (140 matches)

20 deny icmp any any

The following is the wrong way to delete an entry; it causes the entire ACL to be deleted:

44-SW4#configure terminal

44-SW4(config)#no access-list 100 permit icmp any any

44-SW4(config)#end

44-SW4#show ip access-lists 100

44-SW4#
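
The following Python check is an added example, not part of the original article: it reads `show ip access-lists` output and rewrites the whole-ACL-deleting command form shown above into the per-sequence delete, so a change script can be screened before it is pasted into the device. The function names and the sample output are constructed for illustration.

```python
import re

# Constructed sample, in the format of the 'show ip access-lists 100' output above.
SHOW_OUTPUT = """\
Extended IP access list 100
    10 permit eigrp any any (60 matches)
    15 permit icmp any any
    20 deny   icmp any any
"""

HEADER = re.compile(r"^(Standard|Extended) IP access list (\S+)")
# Sequence number, rule text, optional trailing "(N matches)" hit counter.
ENTRY = re.compile(r"^\s*(\d+)\s+(.*?)(?:\s+\(\d+ match(?:es)?\))?\s*$")
# Global-config form that removes the whole numbered ACL, as shown above.
RISKY = re.compile(r"^\s*no\s+access-list\s+(\d+)\s+(\S.*)$")


def norm(rule):
    """Collapse runs of whitespace so 'deny   icmp' equals 'deny icmp'."""
    return " ".join(rule.split())


def parse_acls(text):
    """Return {acl_name: (acl_type, {rule_text: sequence_number})}."""
    acls, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            current = acls.setdefault(header.group(2), (header.group(1).lower(), {}))
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            current[1][norm(entry.group(2))] = int(entry.group(1))
    return acls


def safe_delete(command, show_output):
    """Rewrite 'no access-list N <rule>' as a one-entry delete; None if not that form."""
    risky = RISKY.match(command)
    if not risky:
        return None
    name, rule = risky.group(1), norm(risky.group(2))
    kind, entries = parse_acls(show_output).get(name, (None, {}))
    if rule not in entries:
        raise LookupError(f"ACL {name} has no entry '{rule}'; refusing to guess")
    return [f"ip access-list {kind} {name}", f"no {entries[rule]}", "end"]
```
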
Reposted from CNW (网界网): http://edu.cnw.com.cn/edu-network/intranet/manatec/htm2014/20140519_299717.shtml