04-13-2015 12:29 PM
I looked for this for a while also, and discovered that you can't.
Here is a workaround though...
I read elsewhere that the most efficent way to do this is to save all your ACLs in a text file (example below), on a TFTP server. You can find free versions of TFTP servers for all Operating Systems. The first line of your ACL text file deletes the current ACL configuration, then the following lines re-create, but with your new inserted rules.
Then your process becomes:
1.) Use a text editor to create a new text file, or edit the file for the existing ALC. When you name the file, use 8.3 format (up to eight characters in the name and up to three characters in the extension).
NOTE: Make sure the Brocade device has network access to the TFTP server.
2.) Clear the ACL configuration from the ACLs you are changing by placing commands such as the following at the top of the file:
no access-list 1
no access-list 101
When you load the ACL list into the device, the software adds the ACL entries in the file after any entries that already exist in the same ACLs. Thus, if you intend to entirely replace an ACL, you must use the no access-list <num> command to clear the entries from the ACL before the new ones are added.
3.) Place the commands to create the ACL entries into the file. The order of the separate ACLs does not matter, but the order of the entries within each ACL is important. The software applies the entries in an ACL in the order they are listed within the ACL. Here is an example of some ACL entries:
access-list 1 deny host 192.168.1.6 log
access-list 1 deny 192.168.1.0 0.0.0.255 log
access-list 1 permit any
access-list 101 deny tcp any any eq http log
The software will apply the entries in ACL 1 in the order shown and stop at the first match. Thus, if a packet is denied by one of the first three entries, the packet will not be permitted by the fourth entry, even if the packet matches the comparison values in this entry.
4.) Enter the command end on a separate line at the end of the file. This command indicates to the software that the entire ACL list has been read from the file.
5.) Save the text file.
6.) On the Brocade device, enter the following command at the Privileged EXEC level of the CLI:
copy tftp running-config <tftp-ip-addr> <filename>
NOTE: This command will be unsuccessful if you place any commands other than access-list and end (at the end only) in the file. These are the only commands that are valid in a file you load using the copy tftp running-config… command.
7.) To save the changes to the device’s startup-config file, enter the following command at the Privileged EXEC level of the CLI:
Here is an example vLAN ACL configuration file limiting access to a vLAN.
no access-list 101
access-list 101 remark Permit Engineer1 workstation
access-list 101 permit ip 192.168.1.100/32 192.168.2.0/24
access-list 101 remark Permit Engineer2 Workstation
access-list 101 permit ip 192.168.1.101/32 192.168.2.0/24
access-list 101 remark Permit DNS request replies from DNS servers
access-list 101 permit udp host 192.168.1.200 192.168.2.0/24
access-list 101 permit udp host 192.168.1.201 192.168.2.0/24
access-list 101 remark Permit Established replies from outgoing requests to vLAN
access-list 101 permit tcp 192.168.1.0/24 192.168.2.0/24 established
access-list 101 remark Permit all other traffic
access-list 101 permit ip any any
access-list 101 permit udp any any