Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1039
Views
7
Helpful
4
Replies

ACL modification

Go to solution
grissonwang
Level 1
Level 1

‎12-18-2006 07:18 PM - edited ‎03-11-2019 02:10 AM

Do I have to remove the access-group on the interface first before I modify the access-list element. what would happen if not?

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
thult
Level 1
Level 1

‎12-19-2006 02:51 AM

As long as you do not remove the entire access-list you do not have to remove the access-group.

View solution in original post

0 Helpful

Go to solution
thult
Level 1
Level 1
In response to jgervia_2

‎12-20-2006 12:00 AM

I do not completely agree.

If modifying an access-list that affects your own connection to the Pix i agree with you that it is best to change to a temporary access-list, but in other cases it is quite safe to alter an active access-list.

From version 6.3 you have the possibility to alter a single line with the command "access-list acl-id line"

Also, it is possible to remove a simgle line in the access-list if you specify the whole line in the "no access-list" command.

//Tomas

View solution in original post

0 Helpful
4 Replies 4

Go to solution
spremkumar
Level 9
Level 9

‎12-18-2006 11:06 PM

Hi

I would suggest to remove the access-group first from the interface before removing the access-list or by default all the traffic will be blocked.

If its applied on the WAN interface through which you are logged in then u will get disconnected the same thing will happen if its applied on a ethernet interface and if ur logged in from the local lan..

regds

Go to solution
thult
Level 1
Level 1

‎12-19-2006 02:51 AM

As long as you do not remove the entire access-list you do not have to remove the access-group.

0 Helpful

Go to solution
jgervia_2
Level 1
Level 1
In response to thult

‎12-19-2006 05:43 PM

True.

However, best practice is to not modify the running access-list configuration of an applied access-group unless you absolutely have to.

1) remove access-group (or apply new 'temporary' access group)

2) modify access-list

3) apply access-group (or change back to original access-list)

--Jason

Go to solution
thult
Level 1
Level 1
In response to jgervia_2

‎12-20-2006 12:00 AM

I do not completely agree.

If modifying an access-list that affects your own connection to the Pix i agree with you that it is best to change to a temporary access-list, but in other cases it is quite safe to alter an active access-list.

From version 6.3 you have the possibility to alter a single line with the command "access-list acl-id line"

Also, it is possible to remove a simgle line in the access-list if you specify the whole line in the "no access-list" command.

//Tomas

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card