Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3259
Views
2
Helpful
10
Replies

How to delete a MAC address in filter

Thai Nguyen Duc
Level 1
Level 1

‎04-25-2017 12:21 AM - edited ‎07-05-2021 06:55 AM

Hi all,

I am writing CLI to block some MAC address.

for example:

access-list 705 deny 7831.c181.d8ff 0000.0000.0000

access-list 705 deny 4404.4470.a7a0 0000.0000.0000

access-list 705 deny c4b3.0118.5258 0000.0000.0000

But I took mistake for a MAC address.

so I want to delete a access-list 705 deny 7831.c181.d8ff 0000.0000.0000

It is as below right ? CLI:

no access-list 705 deny 7831.c181.d8ff 0000.0000.0000

I am not use because when I do like this.

All MAC address was deleted.

I cannot see any MAC address as show access-list 705

so my question is that, How to delete only one MAC address that still keep other MAC address.

Thanks 

Labels:
0 Helpful
10 Replies 10

Sandeep Choudhary
VIP Alumni
VIP Alumni

‎04-25-2017 12:55 AM

just use this command:

no access-list 705 deny 7831.c181.d8ff 0000.0000.0000

Regards

Dont forget to rate helpful posts

0 Helpful

Thai Nguyen Duc
Level 1
Level 1
In response to Sandeep Choudhary

‎04-25-2017 01:05 AM

when I use this command :

no access-list 705 deny 7831.c181.d8ff 0000.0000.0000

and show access-list 705

But cannot see any MAC Address .

it seem to delete all MAC address .

I attached file

Preview file
109 KB
0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to Thai Nguyen Duc

‎04-25-2017 01:22 AM

Yes.. there is a limitation using CLI  to create and remove the Access-list with same number.

Better to use diff access-list <705/706> numbers.

example:

access-list 705 permit ab1d.e08d.1103 0000.0000.0000

access-list 705 permit 5h59.4835.3b83 0000.0000.0000

access-list 706 permit cd1f.e10e.b422 0000.0000.0000

access-list 706 permit 78e4.0038.7e45 0000.0000.0000

access-list 706 permit ef1b.7745.c576 0000.0000.0000

Regards

Dont forget to rate helpful posts

Thai Nguyen Duc
Level 1
Level 1
In response to Sandeep Choudhary

‎04-25-2017 03:35 AM

Hi 

another issue.

do you have any link related CLI for AP cisco ?

0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to Thai Nguyen Duc

‎04-25-2017 03:39 AM

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116582-configure-ap-00.html

http://www.cisco.com/c/en/us/td/docs/wireless/access_point/15-3-3/configuration/guide/cg15-3-3/cg15-3-3-chap16-filters.html

Regards

Dont forget to rate helpful posts

0 Helpful

Minh
Level 1
Level 1

‎04-21-2025 06:43 AM

Hi Thai, I have the same issue of deleting the MAC filter address. Could you share the solution? Thanks Minh

0 Helpful

Rich R
VIP
VIP
In response to Minh

‎04-22-2025 07:39 AM

@Minh  see the answer from @Sandeep Choudhary above.
You can only add and delete the entire ACL - they cannot be edited like modern IP ACLs.
An alternative is to create a new ACL (706 in Sandeep's example), then switch from using 705 to 706 and then you can delete 705 after you have switched.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

Minh
Level 1
Level 1
In response to Rich R

‎04-22-2025 09:04 AM

Hi Rich, Thanks a lot for your help!

0 Helpful

Jens Albrecht
Level 1
Level 1

‎04-22-2025 08:02 AM

As already explained in this thread it is not possible to edit this type of ACLs.
Therefore, I continue to use the good old editor method for longer ACLs that we had to use back in those days when even IP ACLs could not be edited:

  • Do a "show run | in access-list 706" (again based on Sandeep's example)
  • Copy the output to the text editor of your choice and modify the ACL as required
  • Delete the entire ACL on the device with "no access-list 706"
  • Copy the modified ACL from your text editor to the device
  • Verify the modified ACL on the device with show commands

Very old-fashioned but it's working.

HTH!

Minh
Level 1
Level 1
In response to Jens Albrecht

‎04-22-2025 09:02 AM

Jens, Many thanks for the clear and detailed breakdown.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card