10-12-2012 12:49 AM - edited 03-07-2019 09:25 AM
Hi,
Is it possible to remove the "log" keywork from ACLs without having to recreate them.
For example, if I have the following ACL
Access-list 120 deny ip any any log
If you want to remove the "log" keyword, do I need to do "no" to ACL and then recreate ACL without "log". Is it doable simply by removing just the "log" keyword?
Thanks,
10-12-2012 01:33 AM
Hi Fawad,
As per my knowledge you can't do that..and even using this command is not a best practice bcoz if the traffic is huge and matching this statement significantly then router may crash...
Hence please use the below command instead of using your one...
show ip accounting access-violations <<<<<<<<<<<<
But as ur questions was different..so, i can say no you have to remove whole command and then enable it by adding this again without log keyword...
Hope this would be helpful to u.
Thanks.
Regards,
Amit
Please dont forget to rate this answer..if it is helpful.
02-13-2015 09:22 AM
This might be bit old thread...
Yes, you can remove it by adding new entry with lower sequence number.
Let's say you have ACL 120.
access-list 110 deny icmp any any redirect log
<zapped>
1. sho ip access-l 120
10 deny icmp any any redirect log
<zapped>
!
2. conf ter
ip access-l ext 120
9 deny icmp any any redirect
exit
!
3. do sh ip access-l 120
10 deny icmp any any redirect
<zapped>
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide