Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1376
Views
5
Helpful
4
Replies

cisco 7200 router & access-list

ccrespoh
Level 1
Level 1

‎11-03-2003 12:03 PM - edited ‎02-20-2020 09:22 PM

Hello,

Maybe this question is a nonsense, but I'm not found any answer to it in the manuals I've looked up.

I've got an access-list in a cisco 7200 router and I want to erase one entry of that access-list. I've tried with the 'no' command, but the result was to erase *all* the access-list and not only the entry I wanted to delete.

How can I erase one entry for an access-list without affect the rest of the "rules" of that access-list?

Thanks in advance.

Labels:
0 Helpful
4 Replies 4

p.mcgowan
Level 3
Level 3

‎11-04-2003 06:35 AM

the only way to do this is by doing the following:

type show run, copy the access-list you want to modify then paste it to a notepad. remove the entry you want from the access-list. add a new line at the start of the access line that says no access-list 101 then copy and paste the new edited access list back into the router.

E.G.

old access-list

access-list 101 permit ip 10.10.10.0 0.0.0.255 any

access-list 101 permit ip 20.20.20.0 0.0.0.255 any

access-list 101 deny ip any any

new access-list

no access-list 101

access-list 101 permit ip 20.20.20.0 0.0.0.255 any

access-list 101 deny ip any any

it's a pain but it's the only way of doing it

ccrespoh
Level 1
Level 1
In response to p.mcgowan

‎11-05-2003 12:25 AM

Hello,

Thanks for your answer. I thought that was the only way, but I wasn't sure.

And, what does it happen if your are connected to the router "through" the access-list you are modifying? Are you disconnected or not?

Thanks, again.

0 Helpful

steven.wilson
Level 1
Level 1
In response to ccrespoh

‎11-05-2003 01:33 AM

If you delete an access-list, the interface that it is operating upon now has no access-list on it. It will therefore allow all traffic through. It is not really a good idea to alter acces-lists on a router via telnet as you may accidentally remove your access. If you put on an access-list that accidentally cuts your connection, reboot the router before you have saved the config and the router will return to the previous configuration listed in the startup-config. It is always fun doing things remotely, especially when you have to phone up the end customer and politely ask them to power reset the device just so that you can get back into it.

Cheers,

Steve

0 Helpful

nihal.akbulut
Level 1
Level 1
In response to steven.wilson

‎11-05-2003 04:32 AM

Hi all,

there is a new feature beginning with IOS 12.2(14)S. It sequences the lines in access-list and you can add or delete a line from access-list with the sequence number. You don't have to use traditional long way anymore. ( which is delete complete access-list, make changes and put it back again) It seems very useful. check it : http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1838/products_feature_guide09186a0080134a60.html

hope this helps..

0 Helpful
Customers Also Viewed These Support Documents