Removal of IP Access-List Extended Policy Entry

mikntwd49508
Level 1

Hi.

I need to know what commands to use (how) to delete a duplicated entry in the running configuration of a Cisco 2811 router.

Current config shows:

ip access-list extended Policy-NAT
 permit ip host 10.1.1.11 192.168.2.0 0.0.0.255
ip access-list extended Policy-Nat
 permit ip host 10.1.0.11 192.0.0.0 0.0.255.255.255

*** Notice: the two names are similar, but one has capital letters and has the wrong IP of 10.1.1.11.

The second entry shows correct IP 10.1.0.11.

*** All I want is correct value for the following in running-config:

ip access-list extended Policy-Nat
 permit ip host 10.1.0.11 192.168.2.0 0.255.255.255.

Thanks, :-)

3 Replies

Hi

Access list names are case sensitive. Thus the router thinks these are two different access lists. I am not sure if I understood your requirement correctly but if you want to remove the first access list then all you have to do is to configure 'no ip access-list extended Policy-NAT'. This would remove the erroneously configured access list.

If you have a different requirement please clarify the same.

HTH

Sundar

There are a bunch of ways to do it, but this should work.

no ip access-list extended Policy-NAT
!
ip access-list extended Policy-Nat
 no permit ip host 10.1.0.11 192.0.0.0 0.0.255.255.255
 permit ip host 10.1.1.11 192.168.2.0 0.0.0.255
end
!

Friend,

First let us know which is the active access-list in your configuration. This could either be a part of some policy or even applied directly to the interface with the help of access-group statements.

Once you have that confirmation, you can edit the access-list as said by the previous poster and delete the other one.

HTH

Narayan
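
The two checks raised in the replies (names that differ only by case, and which list is actually referenced) can be run offline against a saved copy of the running config before anything is deleted. The Python below is an added example, not part of any reply in this thread; the sample config, the route-map name NAT-MAP and the list of reference patterns are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample config: only the two ACL names and the Policy-NAT entry
# come from the thread; the NAT, route-map and Policy-Nat entry are assumed.
SAMPLE_CONFIG = """\
ip nat inside source route-map NAT-MAP interface FastEthernet0/1 overload
ip access-list extended Policy-NAT
 permit ip host 10.1.1.11 192.168.2.0 0.0.0.255
ip access-list extended Policy-Nat
 permit ip host 10.1.0.11 192.168.2.0 0.0.0.255
route-map NAT-MAP permit 10
 match ip address Policy-Nat
"""

ACL_DEF = re.compile(r"^ip access-list (?:standard|extended) (\S+)\s*$")
# Common places a named ACL is referenced; not an exhaustive list.
ACL_REFS = [
    re.compile(r"^\s*ip access-group (\S+) (?:in|out)\b"),
    re.compile(r"^\s*match ip address (.+)$"),
    re.compile(r"^\s*ip nat (?:inside|outside) source list (\S+)"),
]

def audit_acl_names(config: str):
    """Return {lowercased name: {exact name: [referencing lines]}} for
    every group of ACL names that differ only by letter case."""
    defined, refs = [], defaultdict(list)
    for line in config.splitlines():
        m = ACL_DEF.match(line)
        if m:
            defined.append(m.group(1))
            continue
        for pat in ACL_REFS:
            m = pat.match(line)
            if m:
                # "match ip address" may list several ACLs on one line
                for name in m.group(1).split():
                    refs[name].append(line.strip())
    groups = defaultdict(dict)
    for name in defined:
        groups[name.lower()][name] = refs.get(name, [])
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    for variants in audit_acl_names(SAMPLE_CONFIG).values():
        for name, used_by in variants.items():
            print(f"{name}: {used_by or 'UNREFERENCED'}")
```

A variant reported as UNREFERENCED is the candidate for `no ip access-list extended <name>`; a variant with references needs its entries corrected in place instead.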
