FWSM ver 3.2 - No access-list line x doesn't work

Nirmal Singh · ‎12-11-2011

Hi All,

I am trying to remove a line in a particular access-list configured in a FWSM module using this command "no access-list <acl> line 19 x x x x" but it doesn't work. See below:

FWSM/xxx03(config)# no access-list ?

configure mode commands/options:

alert-interval Specify the alert interval for generating syslog message

106001 which alerts that the system has reached a deny

flow maximum. If not specified, the default value is 300 sec

deny-flow-max Specify the maximum number of concurrent deny flows that can

be created. If not specified, the default value is 4096

How can I remove a line from the access-list without clearing the entire access-list?

Thanks in advance

andrey.dugin · ‎12-12-2011

You can remove one line instead of invisibility of this option. Type "no" and ACL entry which you want to delete.

Nirmal Singh · ‎12-12-2011

Thanks Andrey.

You mean I should just type

" No access-list extended permit tcp object-group object-group object-group "

and it will work?

But why doesn't the IOS show it?

Julio Carvajal · ‎12-12-2011

Hello Nirmal,

What Andrey suggested is correct, that is all you need.

Now on the last post you add it this:

No access-list extended permit tcp object-group object-group object-group

Everything is fine except the extended. you do not need that, so it would look like this example:

No access-list test permit tcp any any eq 80

That should take out from the access-list that particular line, now it is weard that when you do no access-list you do not get the word command ( witch is the name or number of the ACL) but lets give it a try with the command Andrey suggested and let see how it goes.

Please rate helpful posts.

Julio!!!!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC