Solved: Remove ACL

giacomo12 · ‎12-28-2015

Hi,

I'm involved in a Packet Tracer exercise.

I have to remove an extended ACL 110 from a router (R1):

I type: R1#(config) no access-list 110

Now the network devices warks as I want, but the output of "R1#show running-config" still show me the extended ACL 110. Why?

Thanks

marc.groenen · ‎12-28-2015

I dont see the ACL in the configuration.

Only under int S0/0/0 you are using access-list 101 do you want to remove this ?

Then you can type

conf t

int s0/0/0

no ip access-group 101 out

end

So in fact the ACL is gone ( or removed from the configuration) but the commands referring to the ACL (ie. ip access-group under interface or ACL under SNMP community or ACL under VTY) will still be intact. You have to remove these manually.

View solution in original post

marc.groenen · ‎12-28-2015

since it is an extended acl the commando should be "no ip access-list extended 110"

giacomo12 · ‎12-28-2015

Thanks, but I'm having the same result. In the running configuration the extended ACL is still there

marc.groenen · ‎12-28-2015

Can you post the output of the show running command for that ACL ?

giacomo12 · ‎12-28-2015

The ACL 101 has been configured on interface S0/0/0:

R1#show running-config
Building configuration...

Current configuration : 940 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO1941/K9 sn FTX152417FN
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 192.168.10.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.11.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.10.1.1 255.255.255.252
ip access-group 101 out
!
interface Serial0/0/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 192.168.10.0 0.0.0.255 area 10

marc.groenen · ‎12-28-2015

I dont see the ACL in the configuration.

Only under int S0/0/0 you are using access-list 101 do you want to remove this ?

Then you can type

conf t

int s0/0/0

no ip access-group 101 out

end

So in fact the ACL is gone ( or removed from the configuration) but the commands referring to the ACL (ie. ip access-group under interface or ACL under SNMP community or ACL under VTY) will still be intact. You have to remove these manually.

Joseph W. Doherty · ‎12-28-2015

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Packet Tracer has had a history of not implementing all IOS features correctly; might be the case here too. What version are you using?