cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3344
Views
0
Helpful
7
Replies

FWSM- Can't Remove the access-list

tckoon
Level 1
Level 1

Hi,

Not sure why when I try to remove this line 8 of access-list it return with the access-list is not exist!!. But I show on running config and show access-list it does exist.

The access-list i mentioned is line 8.

[ access-list in running config ]

----------------------------------

access-list vFW6_Private extended permit icmp host 172.18.16.30 host 192.168.106.14

access-list vFW6_Private extended permit icmp host 172.18.16.31 host 192.168.106.14

access-list vFW6_Private extended permit icmp host 172.18.16.32 host 192.168.106.14

access-list vFW6_Private remark --> PERMIT IP NETWORK ICMP TRAFFIC

access-list vFW6_Private extended permit icmp any any

access-list vFW6_Private remark --> SMV POLLING FOR IPN ACCESS SWITCH

access-list vFW6_Private extended permit udp object-group ODMA-Support 172.18.22.0 255.255.255.128 range snmp snmptrap

access-list vFW6_Private extended deny ip 192.168.3.0 255.255.255.0 host 172.18.30.11

access-list vFW6_Private remark --> TEST

access-list vFW6_Private extended permit ip object-group TS_SERVERS_SHT object-group TS_SERVER

[ show access-list vFW6_Private ]

-----------------------------------

P1-PKH-DC-FWSM1/vFW6-MGMT# show access-list vFW6_Private

access-list vFW6_Private; 2876 elements

access-list vFW6_Private line 1 extended permit icmp host 172.18.16.30 host 192.168.106.14 (hitcnt=0) 0xb2b6da

access-list vFW6_Private line 2 extended permit icmp host 172.18.16.31 host 192.168.106.14 (hitcnt=0) 0x9f31da8c

access-list vFW6_Private line 3 extended permit icmp host 172.18.16.32 host 192.168.106.14 (hitcnt=0) 0x91e47fe3

access-list vFW6_Private line 4 remark --> PERMIT IP NETWORK ICMP TRAFFIC access-list vFW6_Private line 5 extended permit icmp any any (hitcnt=272) 0x41c767f9

access-list vFW6_Private line 6 remark --> SMV POLLING FOR IPN ACCESS SWITCH

access-list vFW6_Private line 7 extended permit udp object-group ODMA-Support 172.18.22.0 255.255.255.128 range snmp snmptrap 0x6422021d

access-list vFW6_Private line 7 extended permit udp host 172.18.9.16 172.18.22.0 255.255.255.128 range snmp snmptrap (hitcnt=64) 0x28349cde

access-list vFW6_Private line 8 extended deny ip 192.168.3.0 255.255.255.0 host 172.18.30.11 (hitcnt=71) 0xdac6f6d

access-list vFW6_Private line 9 remark --> TEST

access-list vFW6_Private line 10 extended permit ip object-group TS_SERVERS_SHT object-group TS_SERVER 0x88b6cfd2

access-list vFW6_Private line 10 extended permit ip host 172.18.9.74 host 192.168.106.13 (hitcnt=0) 0xcbb83b1e

access-list vFW6_Private line 10 extended permit ip host 172.18.9.74 host 192.168.106.12 (hitcnt=0) 0x88cf56d8

7 Replies 7

tckoon
Level 1
Level 1

FWSM1/vFW6-MGMT(config)# no access-list vFW6_Private extended deny i$

Specified access-list does not exist

P1-PKH-DC-FWSM1/vFW6-MGMT(config)#

there seems to be an issue with your terminal width (check the $ sign in your second post), you need to type the whole line to remove it:

no access-list vFW6_Private line 8 extended deny ip 192.168.3.0 255.255.255.0 host 172.18.30.11

You can also set the width of the terminal AFAIR.

Regards

Farrukh

Hi,

This have nothing wrong with terminal length.

Regards

i can remove other line of access-list, just the line 8 I can't.

Regards

Well the only difference I see is the others are 'permit' ACEs and this is a deny :).

It might be a software bug. As a temporary workaround you maybe change it in notepad and then reapply it after clearing the ACL

clear configure access-list name..

then paste.

Regards

Farrukh

WebEX with TAC, really is weird problem.Resolve it by clear config access-list then apply back the access-list solve the problem.

Thanks for the update, glad you have it working now :). As I told ya, you have to remove the ACL and then paste a new one, if something as 'basic' as ACL is not working its usually a bug or human error.

Regards

Farrukh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: