cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ss_daveh
New Contributor III

Editing Access List and Policy Class rules in CLI

Jump to solution

I have come across the scenario a few times when I am accessing a managed router remotely and need to put in a port forward rule. When adding the nat rule to the WAN policy class it defaults to being the last rule in the list and since it is the most specific rule I need it to be the first. Is there a way to move this up the list in the CLI without removing the other rules, and thus losing my access to the device? I know how to do it through the GUI once I get everything else in place, but it would be nice to know how to do it all in one interface.

Thanks in advance for any tips.

0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: Editing Access List and Policy Class rules in CLI

Jump to solution

I usually create a temporary duplicate acl & NAT allow/NAT statement that allows my admin access, then remove the other statements  and add them back in in the order you want.  You will get disconnected, but will be able to get back in because you added the duplicate rule.  It is always wise to issue a "reload in xx" statement.  I usually use "reload in 10".  That way if you really mess it up, it will reload and you will have access again.  Just make sure you say "no" to saving the running config when prompted.

I hope this helps.

View solution in original post

0 Kudos
2 Replies
Anonymous
Not applicable

Re: Editing Access List and Policy Class rules in CLI

Jump to solution

I usually create a temporary duplicate acl & NAT allow/NAT statement that allows my admin access, then remove the other statements  and add them back in in the order you want.  You will get disconnected, but will be able to get back in because you added the duplicate rule.  It is always wise to issue a "reload in xx" statement.  I usually use "reload in 10".  That way if you really mess it up, it will reload and you will have access again.  Just make sure you say "no" to saving the running config when prompted.

I hope this helps.

0 Kudos
Anonymous
Not applicable

Re: Editing Access List and Policy Class rules in CLI

Jump to solution

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Levi