12-09-2010 11:49 AM - edited 03-06-2019 02:26 PM
hi,
Here is the list:
access-list 1 permit 172.25.76.13
access-list 1 permit 172.25.76.14
access-list 1 permit 172.25.76.15
If I want to remove only 172.25.76.14 I do: "no access-list 1 permit 172.25.76.14" but it removes all.
Is it normal?
thank you.
12-09-2010 12:00 PM
Mike,
Since it is a numbered access list, it will remove all of it. Copy and paste it to Notepad, remove the one you don't need, then paste the rest to the router.
With a named access list you can remove one line at a time.
HTH
Reza
12-09-2010 12:43 PM
thank you !
11-01-2012 03:44 AM
Hi Reza and Glen,
How can I paste 50 access-list commands from a Notepad txt file to the router... at once OR one by one?
11-01-2012 04:24 AM
You can paste 50 lines into an ACL. Just keep an eye on it as it pastes to make sure it doesn't reject any of the entries for some reason.
11-01-2012 12:18 PM
Hi Glen,
What is the meaning of this line:
"You can paste 50 or more lines into an ACL"
Here I am talking about pasting 50 or more access-list commands into the router from a txt file. For example:
access-list 101 permit tcp any host 195.85.24.4 eq telnet
access-list 101 permit tcp 195.85.24.0 0.0.0.255 host 10.13.2.3 eq 3389
access-list 101 permit tcp 195.85.24.0 0.0.0.255 host 10.13.10.5 eq 3389
access-list 101 deny ip 195.85.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 101 permit tcp 195.85.119.0 0.0.0.255 host 10.13.2.3 eq 3389
access-list 101 permit tcp 195.85.120.0 0.0.0.255 host 10.13.2.3 eq 3389
access-list 101 permit tcp 195.85.121.0 0.0.0.255 host 10.13.2.3 eq 3389
access-list 101 permit tcp 195.85.122.0 0.0.0.255 host 10.13.2.3 eq 3389
access-list 101 permit tcp 195.85.123.0 0.0.0.255 host 10.13.2.3 eq 3389
access-list 101 permit tcp 195.85.124.0 0.0.0.255 host 10.13.2.3 eq 3389
access-list 101 permit tcp 195.85.119.0 0.0.0.255 host 10.13.10.5 eq 3389
access-list 101 permit tcp 195.85.120.0 0.0.0.255 host 10.13.10.5 eq 3389
access-list 101 permit tcp 195.85.121.0 0.0.0.255 host 10.13.10.5 eq 3389
access-list 101 permit tcp 195.85.122.0 0.0.0.255 host 10.13.10.5 eq 3389
access-list 101 permit tcp 195.85.123.0 0.0.0.255 host 10.13.10.5 eq 3389
access-list 101 permit tcp 195.85.124.0 0.0.0.255 host 10.13.10.5 eq 3389
access-list 101 deny ip 195.85.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 101 permit ip any any
-----
-----
----
----
Paste each access-list line one by one OR paste all at once with Ctrl+V?
That is my question to you.
11-01-2012 01:42 PM
You can paste them all at once, just keep an eye on it as it goes in to make sure it doesn't reject any of your ACL statements.
12-09-2010 12:11 PM
This is normal.
However, you can edit an access list if you use the command ip access-list instead of just access-list.
Here is a link that shows you how to use line/sequence numbers in ACLs:
http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsaclseq.html
Edit:
Here is an example I just did.
test_r1#
test_r1(config)#access-list 101 permit ip 10.0.0.0 0.255.255.255 any
test_r1(config)#access-list 101 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.255.255
test_r1(config)#^Z
test_r1#sh run | inc access-list
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
OK, so here I realize that the deny statement will never take effect since it's the 2nd.
test_r1#
test_r1#sh ip access-lists 101
Extended IP access list 101
10 permit ip 10.0.0.0 0.255.255.255 any
20 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
Here I can see the line numbers used in the ACL.
So I must have it before the permit statement.
test_r1#
test_r1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
test_r1(config)#ip access-list extended 101
test_r1(config-ext-nacl)#no 20 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
test_r1(config-ext-nacl)#5 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
test_r1(config-ext-nacl)#^Z
test_r1#sh ip access-lists 101
*Mar 1 00:13:39.307: %SYS-5-CONFIG_I: Configured from console by console
test_r1#sh ip access-lists 101
Extended IP access list 101
5 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
10 permit ip 10.0.0.0 0.255.255.255 any
And there it is.
HTH
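Added example, not part of the original post: a small Python check for the ordering problem shown above, where an entry can never match because an earlier entry already matches all of its traffic. The function names are hypothetical, the input is the entry lines from the two `sh ip access-lists 101` outputs in the post, and it assumes entries of the form `<seq> <action> <proto> <src> <dst>`; earlier entries that carry port or flag qualifiers are skipped rather than evaluated.

```python
import ipaddress

def parse_addr(tok):
    """Consume one address spec; return ((addr, wildcard), remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    return (int(ipaddress.IPv4Address(tok[0])),
            int(ipaddress.IPv4Address(tok[1]))), tok[2:]

def parse_entry(line):
    """Parse '<seq> <permit|deny> <proto> <src> <dst> [qualifiers...]'."""
    seq, action, proto, *rest = line.split()
    src, rest = parse_addr(rest)
    dst, rest = parse_addr(rest)
    return {"seq": int(seq), "action": action, "proto": proto,
            "src": src, "dst": dst, "extra": rest}

def covers(a, b):
    """True if spec a matches every address that spec b matches."""
    care = ~a[1] & 0xFFFFFFFF          # bits that a actually compares
    return (b[1] & care) == 0 and ((a[0] ^ b[0]) & care) == 0

def find_shadowed(lines):
    """Return (seq, shadowed_by_seq, kind) for entries that can never match."""
    entries = [parse_entry(l) for l in lines if l.strip()]
    found = []
    for i, later in enumerate(entries):
        for earlier in entries[:i]:
            if earlier["extra"]:       # ports/flags narrow the match: skip
                continue
            if earlier["proto"] not in ("ip", later["proto"]):
                continue
            if covers(earlier["src"], later["src"]) and \
               covers(earlier["dst"], later["dst"]):
                kind = ("redundant" if earlier["action"] == later["action"]
                        else "conflict")
                found.append((later["seq"], earlier["seq"], kind))
                break                  # first match wins, as on the router
    return found

# Entry lines copied from the two `sh ip access-lists 101` outputs in the post.
BEFORE = ["10 permit ip 10.0.0.0 0.255.255.255 any",
          "20 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255"]
AFTER = ["5 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255",
         "10 permit ip 10.0.0.0 0.255.255.255 any"]

print("before:", find_shadowed(BEFORE), "after:", find_shadowed(AFTER))
```

A "conflict" result is the case worth reviewing first, since the intended deny or permit is silently never applied.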
12-09-2010 01:46 PM
Mathias is correct, I recommend always editing your ACLs this way. Go into what I call ACL config mode as Mathias has shown and you can add or delete individual lines in your ACL even if it's a numbered ACL. Real old code did not number the entries and you could only add or delete the entries but you could not put them into specific places within the ACL. Since 12.2T trains the entry numbers were added and you can put entries anywhere you want in the ACL.