12-21-2009 07:40 AM - edited 03-11-2019 09:50 AM
I do apologise for reposting; however I am still having a few issues.
After removing a capture from the firewall, I am now trying to remove the access-list associated.
However, the below output shows that the access-list is still in fact present on the firewall:
host# sh access-list SL-CAP
access-list SL-CAP; 0 elements
host# conf t
host(config)# clear configure access-list SL-CAP
host(config)# wr
Building configuration...
[OK]
host(config)# end
host# sh run | inc SL-CAP
#no output#
host# sh access-list SL-CAP
access-list SL-CAP; 0 elements
Although it is not really a big problem, it would be nice to resolve and see what is causing this strange behaviour.
Regards
12-21-2009 08:21 AM
Just wondering, why don't you use the "no" prefix for removing the ACL?
12-21-2009 08:31 AM
I believe that using "no" will only remove particular ACL entries as opposed to the ACL itself; forgive me if I am wrong on that.
12-21-2009 09:08 AM
No, in fact you are right, thanks for making me rush to the config guide, but at times there are a few commands that need a system restart to flush out from the NVRAM. Not sure about this particular command. I haven't used the clear configure command; rather, I usually copy the config to a notepad and add a no statement to the ACL (to all if I need to delete the complete ACL).
12-21-2009 09:11 AM
Ok, thank you for the advice!
I will leave this thread open for a little to see if further networking gurus can advise, and as a last resort I will use your method.
Thanks again!
12-21-2009 09:13 AM
If the following doesn't work
conf t
clear config access-list SL-CAP
Then add a few lines of dummy acl to the access-list like
access-l SL-CAP permit icmp any any
access-l SL-CAP deny ip any any
Make sure sh access-l SL-CAP | i elements
shows 2 and then try the same thing again.
clear config access-l SL-CAP
-KS
12-21-2009 09:16 AM
Ok, will give that a go
Cheers
12-21-2009 09:21 AM
You my friend, are a star!
That worked perfectly - I take it that an 'empty' access list cannot be removed and will bear this in mind for future and ensure the list is populated.
Thanks again!