FWSM- Can't Remove the access-list

Unanswered Question

Hi,


Not sure why, when I try to remove line 8 of this access-list, it returns that the access-list does not exist! But the running config and show access-list show that it does exist.

The access-list I mentioned is line 8.



[ access-list in running config ]

----------------------------------

access-list vFW6_Private extended permit icmp host 172.18.16.30 host 192.168.106.14

access-list vFW6_Private extended permit icmp host 172.18.16.31 host 192.168.106.14

access-list vFW6_Private extended permit icmp host 172.18.16.32 host 192.168.106.14

access-list vFW6_Private remark --> PERMIT IP NETWORK ICMP TRAFFIC

access-list vFW6_Private extended permit icmp any any

access-list vFW6_Private remark --> SMV POLLING FOR IPN ACCESS SWITCH

access-list vFW6_Private extended permit udp object-group ODMA-Support 172.18.22.0 255.255.255.128 range snmp snmptrap

access-list vFW6_Private extended deny ip 192.168.3.0 255.255.255.0 host 172.18.30.11

access-list vFW6_Private remark --> TEST

access-list vFW6_Private extended permit ip object-group TS_SERVERS_SHT object-group TS_SERVER


[ show access-list vFW6_Private ]

-----------------------------------


P1-PKH-DC-FWSM1/vFW6-MGMT# show access-list vFW6_Private

access-list vFW6_Private; 2876 elements

access-list vFW6_Private line 1 extended permit icmp host 172.18.16.30 host 192.168.106.14 (hitcnt=0) 0xb2b6da

access-list vFW6_Private line 2 extended permit icmp host 172.18.16.31 host 192.168.106.14 (hitcnt=0) 0x9f31da8c

access-list vFW6_Private line 3 extended permit icmp host 172.18.16.32 host 192.168.106.14 (hitcnt=0) 0x91e47fe3

access-list vFW6_Private line 4 remark --> PERMIT IP NETWORK ICMP TRAFFIC

access-list vFW6_Private line 5 extended permit icmp any any (hitcnt=272) 0x41c767f9

access-list vFW6_Private line 6 remark --> SMV POLLING FOR IPN ACCESS SWITCH

access-list vFW6_Private line 7 extended permit udp object-group ODMA-Support 172.18.22.0 255.255.255.128 range snmp snmptrap 0x6422021d

access-list vFW6_Private line 7 extended permit udp host 172.18.9.16 172.18.22.0 255.255.255.128 range snmp snmptrap (hitcnt=64) 0x28349cde

access-list vFW6_Private line 8 extended deny ip 192.168.3.0 255.255.255.0 host 172.18.30.11 (hitcnt=71) 0xdac6f6d

access-list vFW6_Private line 9 remark --> TEST

access-list vFW6_Private line 10 extended permit ip object-group TS_SERVERS_SHT object-group TS_SERVER 0x88b6cfd2

access-list vFW6_Private line 10 extended permit ip host 172.18.9.74 host 192.168.106.13 (hitcnt=0) 0xcbb83b1e

access-list vFW6_Private line 10 extended permit ip host 172.18.9.74 host 192.168.106.12 (hitcnt=0) 0x88cf56d8

Farrukh Haroon Tue, 10/21/2008 - 05:29

There seems to be an issue with your terminal width (check the $ sign in your second post); you need to type the whole line to remove it:


no access-list vFW6_Private line 8 extended deny ip 192.168.3.0 255.255.255.0 host 172.18.30.11


You can also set the width of the terminal AFAIR.


Regards


Farrukh
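
The advice in the reply above (type the complete ACE when removing it), as an added example that is not part of the original thread: it builds the full `no access-list ... line N ...` command from `show access-list` output and checks it against the running config, so a truncated line is caught before it is pasted. The function names are hypothetical, and the sample text is copied (abridged) from the outputs quoted in the question.

```python
import re

# Sample text copied (abridged) from the outputs quoted in the question.
SHOW_ACL = """\
access-list vFW6_Private; 2876 elements
access-list vFW6_Private line 7 extended permit udp object-group ODMA-Support 172.18.22.0 255.255.255.128 range snmp snmptrap 0x6422021d
access-list vFW6_Private line 7 extended permit udp host 172.18.9.16 172.18.22.0 255.255.255.128 range snmp snmptrap (hitcnt=64) 0x28349cde
access-list vFW6_Private line 8 extended deny ip 192.168.3.0 255.255.255.0 host 172.18.30.11 (hitcnt=71) 0xdac6f6d
access-list vFW6_Private line 9 remark --> TEST
"""
RUNNING_CONFIG = """\
access-list vFW6_Private extended permit udp object-group ODMA-Support 172.18.22.0 255.255.255.128 range snmp snmptrap
access-list vFW6_Private extended deny ip 192.168.3.0 255.255.255.0 host 172.18.30.11
access-list vFW6_Private remark --> TEST
"""

# "access-list <name> line <n> <rest of entry>"
ENTRY = re.compile(r"^access-list (?P<name>\S+) line (?P<num>\d+) (?P<body>.+)$")
# Display-only suffix: optional "(hitcnt=N)" followed by an optional hex hash.
COUNTERS = re.compile(r"(\s+\(hitcnt=\d+\))?(\s+0x[0-9a-fA-F]+)?\s*$")


def removal_command(show_output, acl, line_no):
    """Return the full 'no access-list ...' command for one numbered line."""
    for raw in show_output.splitlines():
        m = ENTRY.match(raw.strip())
        if not m or m["name"] != acl or int(m["num"]) != line_no:
            continue
        # The first entry for a line number is the configured ACE; later
        # entries with the same number are object-group expansions.
        body = m["body"]
        if not body.startswith("remark "):
            body = COUNTERS.sub("", body)  # drop hit counter and hash
        return f"no access-list {acl} line {line_no} {body}"
    raise LookupError(f"{acl} has no line {line_no} in the supplied output")


def in_running_config(command, running_config):
    """True if the command, minus 'no' and 'line N', is a verbatim config line."""
    ace = re.sub(r"^no (access-list \S+) line \d+ ", r"\1 ", command)
    return ace in {line.strip() for line in running_config.splitlines()}
```
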

Farrukh Haroon Tue, 10/21/2008 - 22:28

Well, the only difference I see is that the others are 'permit' ACEs and this is a deny :).


It might be a software bug. As a temporary workaround you can maybe change it in Notepad and then reapply it after clearing the ACL:


clear configure access-list name..


then paste.


Regards


Farrukh

Farrukh Haroon Fri, 10/24/2008 - 21:11

Thanks for the update, glad you have it working now :). As I told ya, you have to remove the ACL and then paste a new one. If something as 'basic' as an ACL is not working, it's usually a bug or human error.


Regards


Farrukh
