Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
18729
Views
0
Helpful
13
Replies

trying to remove an access-list line from a config...

Go to solution
ChuckHaynes
Level 3
Level 3

ā€Ž09-28-2014 09:14 AM - edited ā€Ž03-11-2019 09:49 PM

I am simply trying to remove the last light (highlighted in bold), but can't figure out how to do it...

 

access-list outside_1_cryptomap extended permit ip object-group Dupont object-group MEC
access-list inside_access_in extended permit ip object-group Dupont object-group MEC
access-list inside_access_in remark Migration, ACE (line 1) expanded: permit ip object-group Dupont object-group MEC

 

If I do a "no access-list inside_access_in remark Migration, ACE (line 1) expanded: permit ip object-group Dupont object-group MEC" then it gives me a "Specified remark does not exist".

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ChuckHaynes

ā€Ž09-28-2014 04:10 PM

Glad it worked out after all. Please mark your question as answered if it has been.

It looks like you were hitting a bug. You aren't running 9.0(3) or lower in that release train are you? If so you could possibly be seeing CSCuj99263.

View solution in original post

0 Helpful
13 Replies 13

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

ā€Ž09-28-2014 09:29 AM

Try this:

      no access-list inside_access_in line 1 remark Migration, ACE (line 1) expanded: permit ip object-group Dupont object-group MEC

or simply:

no access-list inside_access_in line 1 remark

0 Helpful

Go to solution
ChuckHaynes
Level 3
Level 3
In response to Marvin Rhoads

ā€Ž09-28-2014 10:09 AM

Try this:

      no access-list inside_access_in line 1 remark Migration, ACE (line 1) expanded: permit ip object-group Dupont object-group MEC

"Specified remark does not exist"

or simply:

no access-list inside_access_in line 1 remark

ERROR: % Incomplete command

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ChuckHaynes

ā€Ž09-28-2014 10:11 AM

Hmm. I just did both on a test config and they worked fine.

Can you go in via ASDM and edit the ACE there?

0 Helpful

Go to solution
ChuckHaynes
Level 3
Level 3
In response to Marvin Rhoads

ā€Ž09-28-2014 10:15 AM

The weird thing is, I only see the first two lines in ASDM. Unless I'm looking in the wrong place, I don't see any remarks at all...??

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ChuckHaynes

ā€Ž09-28-2014 11:01 AM

Try

 no access-list inside_access_in line 1 remark Migration

If that doesn't work, please provide the output of:

 show run | i Migration

0 Helpful

Go to solution
ChuckHaynes
Level 3
Level 3
In response to Marvin Rhoads

ā€Ž09-28-2014 11:07 AM

ShoemakerDP-fw# conf t
ShoemakerDP-fw(config)#  no access-list inside_access_in line 1 remark Migration
Specified remark does not exist
ShoemakerDP-fw(config)# exit
ShoemakerDP-fw# show run | i Migration
access-list inside_access_in remark Migration, ACE (line 1) expanded: permit ip object-group Dupont object-group MEC

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ChuckHaynes

ā€Ž09-28-2014 11:56 AM

Hmm that's very odd. The syntax all appears correct. A remark can be up to 100 characters long and include punctuation so that's all ok (yours is 80 characters).

I created the exact same remark on an ACL on my ASA and the removal worked just fine (see below). You may need to completely remove and re-add the ACL (without the remark line).

 

ASA#  conf t
ASA(config)# access-list cco extended permit ip any any
ASA(config)# access-list cco remark Migration, ACE (line 1) expanded: perm$
ASA(config)# end
ASA# sh run | i Migrat
access-list cco remark Migration, ACE (line 1) expanded: permit ip object-group Dupont object-group MEC
ASA# 
ASA# 
ASA# conf t
ASA(config)# no access-list cco remark Migration, ACE (line 1) expanded: p$
ASA(config)# end
ASA# sh run | i Migrat                                     
ASA#

0 Helpful

Go to solution
ChuckHaynes
Level 3
Level 3
In response to Marvin Rhoads

ā€Ž09-28-2014 01:47 PM

I tried to remove it again and got the "Specified remark does not exist" once more. I then removed the entire ACL, but the line in question still showed up in the config?! I did a reload and it was still there. HOWEVER, after the reload, I was able to do a "no access-list cco remark Migration, ACE (line 1) expanded: permit ip object-group Dupont object-group MEC" and it did finally remove it!! I did a copy run start and then another reload just to be sure, haha. It's now gone and I'm happy. I'm not exactly sure what happened... I guess I should have done the reload earlier :)

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ChuckHaynes

ā€Ž09-28-2014 04:10 PM

Glad it worked out after all. Please mark your question as answered if it has been.

It looks like you were hitting a bug. You aren't running 9.0(3) or lower in that release train are you? If so you could possibly be seeing CSCuj99263.

0 Helpful

Go to solution
ChuckHaynes
Level 3
Level 3
In response to Marvin Rhoads

ā€Ž09-28-2014 05:41 PM

5505

ASA - 8.3.1

ASDM - 6.4.9 (103)

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ChuckHaynes

ā€Ž09-28-2014 08:22 PM

Ohhh 8.3(1) - from March 2010. That's not a recommended release - it was the first release of the major rewrite of a lot of code.

Cisco currently recommends 8.4(7) (September 2013) or 9.0(4) (December 2013) as the most stable releases for that platform.

0 Helpful

Go to solution
ChuckHaynes
Level 3
Level 3
In response to Marvin Rhoads

ā€Ž09-29-2014 03:42 AM

Thanks

0 Helpful

Go to solution
abdulrehamancisco86503
Level 1
Level 1

ā€Ž10-30-2020 12:08 PM

HI, 

 

We can remove one by one ACL. Please check the line number after removing. Rest of the ACL number get change after removing the ACL. It worked for me. 

 

Thanks

Abdul

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card