11-27-2007 12:30 AM - edited 03-11-2019 04:35 AM
Hi,
I need to remove only an ACL entry from an ACE which I created by adding a network object in an object-group. I am not able to do the same because all the ACLs have the same line no. and ACL name.
#access-list acl-in line 120 extended permit tcp object-group xxx-xxx-xxx host x.x.x.x eq xxxx
access-list acl-in line 120 extended permit tcp host x.x.x.x host x.x.x.x eq xxx
Any idea how to remove it?
11-27-2007 05:53 AM
Why can't you copy that exact statement, and go for?
no
11-27-2007 06:01 AM
You have to remove it from the object-group. You can't selectively allow only parts of an object group in an ACL.
11-27-2007 06:05 AM
I can't remove it from the object-group because I allow traffic from the same source to different destination IPs and ports.
If I remove it from the object-group, then all ACLs for that IP will be removed and other servers will be out of customer access.
11-27-2007 06:01 AM
I tried the same but was not able to do so; I am getting the error below:
Specified access-list does not exist
11-27-2007 07:13 AM
Use two different object groups then.
11-27-2007 07:16 AM
I have so many ACLs with the same configuration in different object groups, so it's very tough to remove from the object-group and then add the ACL in another object-group.
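The "two different object groups" approach from the thread, worked through as an added example that is not part of any post above: the script reads `show access-list` output, separates the one configured ACE from its indented expansions (the rows that share a line number and cannot be negated), and emits the commands that drop one member from a single ACE while the original group keeps serving every other ACE. The group names `CUST-SRC` and `CUST-SRC-8443`, the addresses and the sample output are constructed, and it assumes one network object-group per ACE.

```python
import re
from collections import defaultdict

# Constructed sample of ASA `show access-list` output (documentation addresses).
SAMPLE = """\
access-list acl-in line 120 extended permit tcp object-group CUST-SRC host 198.51.100.20 eq 8443 (hitcnt=7) 0x1a2b3c4d
  access-list acl-in line 120 extended permit tcp host 192.0.2.10 host 198.51.100.20 eq 8443 (hitcnt=4) 0x11111111
  access-list acl-in line 120 extended permit tcp host 192.0.2.11 host 198.51.100.20 eq 8443 (hitcnt=3) 0x22222222
access-list acl-in line 121 extended permit tcp object-group CUST-SRC host 198.51.100.21 eq 22 (hitcnt=0) 0x5e6f7a8b
  access-list acl-in line 121 extended permit tcp host 192.0.2.10 host 198.51.100.21 eq 22 (hitcnt=0) 0x33333333
  access-list acl-in line 121 extended permit tcp host 192.0.2.11 host 198.51.100.21 eq 22 (hitcnt=0) 0x44444444
"""

ACE_RE = re.compile(r"^(\s*)access-list (\S+) line (\d+) (extended .+?)"
                    r"(?: \(hitcnt=\d+\))?(?: 0x[0-9a-f]+)?\s*$")

def parse(text):
    """Group ACEs by (acl, line): the configured ACE plus its indented expansions."""
    aces = defaultdict(lambda: {"configured": None, "expanded": []})
    for raw in text.splitlines():
        m = ACE_RE.match(raw)
        if not m:
            continue
        indent, acl, line, body = m.groups()
        entry = aces[(acl, int(line))]
        if indent:
            entry["expanded"].append(body)   # display-only row, cannot be negated
        else:
            entry["configured"] = body       # the only row that exists in the config
    return aces

def plan_removal(aces, acl, line, group, member, new_group):
    """Commands that drop `member` from one ACE only, leaving `group` untouched."""
    entry = aces[(acl, line)]
    body, token = entry["configured"], f"object-group {group}"
    if body is None or token not in body:
        raise ValueError(f"{acl} line {line} is not configured with {token}")
    prefix, suffix = body.split(token, 1)
    members = [e[len(prefix):len(e) - len(suffix)] for e in entry["expanded"]
               if e.startswith(prefix) and e.endswith(suffix)]
    if member not in members:
        raise ValueError(f"{member} is not an expansion of {acl} line {line}")
    keep = [m for m in members if m != member]
    if not keep:                             # last member: remove the whole ACE
        return [f"no access-list {acl} {body}"]
    return ([f"object-group network {new_group}"]
            + [f" network-object {m}" for m in keep]
            + [f"access-list {acl} line {line} {prefix}object-group {new_group}{suffix}",
               f"no access-list {acl} {body}"])
```

The replacement ACE is inserted at the same line before the old one is negated, so the remaining members are never left without a matching permit.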