6-87
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
6






Configuring

Virtual

Contexts
Configuring
Security

with

ACLs
Resequencing
Extended

ACLs
You
can

ch

ange

the

sequence

of

en

tries

i

n

an

Ex

tended

ACL.
Note
EtherType
ACL

entries

cannot

be

resequenced.
Procedure
Step
1
Choose
the

item

to

configure:


To
configure

a

virtual

context,

choose
Config
>

Devices

>

context

>

Security

>

ACLs.


To
configure
a

configuration

building

bl

ock,

choose
Config
>
Global
>
All

Building

Blocks
>
building_block
>

Security

>

ACLs.
The
ACLs

table

appears,

listing

the

existing

ACLs.
Step
2
In
the

ACLs

table,

choose

the

Extended

ACL

that

you

want

to

renumber,

and
click
the
Resequence
icon
that
appears

to

the

left

of

the

filter

field.
The
ACL

Line

Number

Resequence

window

appears.
Step
3
In
the

Start

field

of

the

ACL

Line

Number

Resequence

window,

enter

the

number

that
is
to

be

assigned
to
the

first

entry

in

the

ACL.
Valid
entries

ar

e

fr

om

1

t

o

2147483647.
Step
4
In
the
Increment

field,

enter
the
number

that

is

to

be

added
to
each
entry
in
the
ACL

after

the

first

entry.
Valid
entries

ar

e

fr

om

1

t

o

2147483647.
Step
5
Do
one

of

the

following:


Click
Resequence
to
save

your

entries

and

to

return

to

the

ACLs
table.


Click
Cancel
to
exit

this

procedure

without
saving
your

entries

and

to

return

to

the
ACLs
table.
Related
Topics


Configuring
Security
with

ACLs,

page
6-78


Creating
ACLs,

page
6-79


Setting
EtherType

ACL

Attributes,

page
6-87


Setting
Extended

ACL

Attributes,

page
6-82


Editing
or

Deleting

ACLs,

page
6-100


Displaying
ACL

Information

and

Statistics,
page
6-89
Setting
EtherType

ACL

Attributes
You
can

configure

an

ACL

that

controls

traffic

based

on

its

EtherType,

which

is

a

subprotocol

identifier.
EtherType
ACLs

support

Ethernet

V2

frames.

EtherType

ACLs

do

not

support

802.3-formatted

frames
because
they

use

a

length

field

instead

of

a

type

field.

The

only

exception

is

a

bridge

protocol

data

units
(BPDU),
which

is

SNAP

encapsulated.

The

ACE

is

designed

to

handle

BPDUs.