How to remove an entry from an access-list

marcus-young · ‎10-16-2001

Hi

I have many variables now relating to access-list im trying to block outside access to port 80 i need to start again and need to remove these entry's how do you remove them?????

johansens · ‎10-17-2001

It's not possible to remove a single entry from an accesslist. You must remove the entire access-list:

"no access-list "

and then input the access-list from scratch in the order you want it to be evaluated.

//Stig

jhaukka · ‎10-17-2001

Well, the thing about ACL's is once you start one, being they work from the first line on down, you can't delete just a portion. You gotta start over but what I do is use a common text editor and save 'em to a file I can modify then paste it in when I'm sure. To remove one don't forget to use no ip access-group with the list number for every interface then the no access-list with list numbers as well.

jfrelin · ‎10-19-2001

Actually, I think the best way and most easiest is to setup a tftp server on your network that is secure. Copy all of your Accesslists to a file. ie: acl-10.txt, acl-30.txt, (Accesslist 10, Accesslist 30).

Make the change on your tftp server. Login to the router, issue a 'No access-list xxx" exit out of configure mode and do a copy tftp://hostname/acl-10.txt running. That will copy your entire access-list via tftp into your running config. As long as all is good, issue a "write" and you are done. This procedure works very well on large systems with a great deal of access-lists to control.

awalnet · ‎10-27-2001

Hi,

You did not mention if you are using a router or a PIX firewall.If you are using a PIX firewall then you can remove a single access-list line by preceeding 'no' before that line.

IF you remove the whole PIX access-list then in order to link the access-list to a particular interface of a PIX firewall you have to apply the access-group command again.

Regards,

Zeshan Mansoor Jalali

Network & Systems Engineer

CCNA,CCNP,CCDA,CCIE(R&S)-Written,Cisco Security Specialist.