no access-list

Michel Legare
Level 1

Hi,

Here is the list:

access-list 1 permit 172.25.76.13
access-list 1 permit 172.25.76.14
access-list 1 permit 172.25.76.15

If I want to remove only 172.25.76.14, I do "no access-list 1 permit 172.25.76.14", but it removes all.

Is this normal?

Thank you.

Accepted Solutions

Reza Sharifi
Hall of Fame

Mike,

Since it is a numbered access list, it will remove all of it. Copy and paste it to a notepad, remove the one you don't need, then paste the rest to the router.

With a named access list you can remove one line at a time.

HTH

Reza

8 Replies

Thank you!

Hi Reza and Glen,

How can I paste 50 access-list commands from a Notepad txt file to the router: at once OR one by one?

You can paste 50 lines into an ACL. Just keep an eye on it as it pastes to make sure it doesn't reject any of the entries for some reason.

Hi Glen,

What is the meaning of this line:

"You can paste a 50 or more lines into a ACL"

Here I am talking about pasting 50 or more access-list commands into the router from a txt file. For example:

access-list 101 permit tcp any host 195.85.24.4 eq telnet
access-list 101 permit tcp 195.85.24.0 0.0.0.255 host 10.13.2.3 eq 3389
access-list 101 permit tcp 195.85.24.0 0.0.0.255 host 10.13.10.5 eq 3389
access-list 101 deny   ip 195.85.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 101 permit tcp 195.85.119.0 0.0.0.255 host 10.13.2.3 eq 3389
access-list 101 permit tcp 195.85.120.0 0.0.0.255 host 10.13.2.3 eq 3389
access-list 101 permit tcp 195.85.121.0 0.0.0.255 host 10.13.2.3 eq 3389
access-list 101 permit tcp 195.85.122.0 0.0.0.255 host 10.13.2.3 eq 3389
access-list 101 permit tcp 195.85.123.0 0.0.0.255 host 10.13.2.3 eq 3389
access-list 101 permit tcp 195.85.124.0 0.0.0.255 host 10.13.2.3 eq 3389
access-list 101 permit tcp 195.85.119.0 0.0.0.255 host 10.13.10.5 eq 3389
access-list 101 permit tcp 195.85.120.0 0.0.0.255 host 10.13.10.5 eq 3389
access-list 101 permit tcp 195.85.121.0 0.0.0.255 host 10.13.10.5 eq 3389
access-list 101 permit tcp 195.85.122.0 0.0.0.255 host 10.13.10.5 eq 3389
access-list 101 permit tcp 195.85.123.0 0.0.0.255 host 10.13.10.5 eq 3389
access-list 101 permit tcp 195.85.124.0 0.0.0.255 host 10.13.10.5 eq 3389
access-list 101 deny   ip 195.85.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 101 permit ip any any
-----
-----
----
----

Paste each access-list line one by one OR paste all at once with Ctrl+V?

That is my question to you.

You can paste them all at once, just keep an eye on it as it goes in to make sure it doesn't reject any of your ACL statements.

Mathias Garcia
Level 1

This is normal.

However, you can edit an access list if you use the command ip access-list instead of just access-list.

Here is a link that shows you how to use line/sequence numbers in ACLs:

http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsaclseq.html

Edit:

Here is an example I just did.

test_r1#
test_r1(config)#access-list 101 permit ip 10.0.0.0 0.255.255.255 any
test_r1(config)#access-list 101 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.255.255
test_r1(config)#^Z

test_r1#sh run | inc access-list
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255

OK, so here I realize that the deny statement will never take effect since it's the 2nd.

test_r1#
test_r1#sh ip access-lists 101
Extended IP access list 101
    10 permit ip 10.0.0.0 0.255.255.255 any
    20 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255

Here I can see the line numbers used in the ACL.
So I must have it before the permit statement.


test_r1#
test_r1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
test_r1(config)#ip access-list extended 101
test_r1(config-ext-nacl)#no 20 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
test_r1(config-ext-nacl)#5 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
test_r1(config-ext-nacl)#^Z
test_r1#sh ip access-lists 101
*Mar  1 00:13:39.307: %SYS-5-CONFIG_I: Configured from console by console
test_r1#sh ip access-lists 101
Extended IP access list 101
    5 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
    10 permit ip 10.0.0.0 0.255.255.255 any

And there it is.

HTH

Mathias is correct, I recommend always editing your ACLs this way. Go into what I call ACL config mode as Mathias has shown and you can add or delete individual lines in your ACL even if it's a numbered ACL. Real old code did not number the entries and you could only add or delete the entries but you could not put them into specific places within the ACL. Since the 12.2T trains the entry numbers were added and you can put entries anywhere you want in the ACL.
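
The two checks the thread does by eye (did every pasted entry make it into the config, and does an earlier entry stop a later one from ever matching) can be scripted. This is an added example, not part of the original posts: the function names are hypothetical, and it assumes IPv4 extended entries of a single ACL with any port qualifier placed after the destination, as in the lines above.

```python
import ipaddress

M = 0xFFFFFFFF  # 32-bit mask

def _addr(tok):
    """Consume one address spec; return (network, wildcard) with wildcarded bits cleared."""
    t = tok.pop(0)
    if t == "any":
        return (0, M)
    if t == "host":
        return (int(ipaddress.IPv4Address(tok.pop(0))), 0)
    wild = int(ipaddress.IPv4Address(tok.pop(0)))
    return (int(ipaddress.IPv4Address(t)) & ~wild & M, wild)

def parse(line):
    """Parse 'access-list N permit|deny proto src dst [port qualifier]'."""
    tok = line.split()
    acl, action, proto, rest = tok[1], tok[2], tok[3], tok[4:]
    return (acl, action, proto, _addr(rest), _addr(rest), tuple(rest))

def covers(a, b):
    """True if address spec a matches every address that spec b matches."""
    (an, aw), (bn, bw) = a, b
    return (bw & ~aw & M) == 0 and ((an ^ bn) & ~aw & M) == 0

def missing(intended, running):
    """Intended entries absent from the running config (e.g. rejected during a paste)."""
    have = {parse(l) for l in running}
    return [l for l in intended if parse(l) not in have]

def shadowed(lines):
    """(later, earlier) pairs where the first fully covering earlier entry has the other action."""
    rules, out = [parse(l) for l in lines], []
    for j, (_, act_b, pb, sb, db, qb) in enumerate(rules):
        for i, (_, act_a, pa, sa, da, qa) in enumerate(rules[:j]):
            if pa in ("ip", pb) and covers(sa, sb) and covers(da, db) and qa in ((), qb):
                if act_a != act_b:
                    out.append((j, i))
                break
    return out

# Entries as typed and as echoed by "sh run | inc access-list" in the post above.
TYPED = ["access-list 101 permit ip 10.0.0.0 0.255.255.255 any",
         "access-list 101 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.255.255"]
RUNNING = ["access-list 101 permit ip 10.0.0.0 0.255.255.255 any",
           "access-list 101 deny   ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255"]

print(missing(TYPED, RUNNING), shadowed(RUNNING), shadowed(RUNNING[::-1]))
```

The comparison clears the bits under the wildcard mask before matching, which is why the typed 192.168.1.0 0.0.255.255 and the echoed 192.168.0.0 0.0.255.255 count as the same entry.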
