acl

Unanswered Question
May 5th, 2009

conf t

no logging console

no banner exec

no banner login

no ip domain name

no ip http server

no ip http access-class 23

no ip http authentication local

no ip http secure-server

no ip http timeout-policy idle 60 life 86400 requests 10000

!

no access-list 23 permit 10.10.10.0 0.0.0.7

!

line vty 0 4

no access-class 23 in

no privilege level 15

no login local

!

line vty 5 15

no access-class 23 in

no privilege level 15

no login local

=========================================

I was checking our network config on one of the routers and I saw

no access-list 23 permit 10.10.10.0 0.0.0.7

Why is there a "NO" in front of the ACL? Can someone explain, please?

Thanks

cisco steps Tue, 05/05/2009 - 16:11

Thanks Collin,

So it is safe to take the command out of the config? If there is no ACL, there is no reason to leave that line in the config, is that right?

Thanks again

Jon Marshall Mon, 05/11/2009 - 11:21

"If there is no ACL, there is no reason to leave that line in the config, is that right?"

Correct. If there is nothing left in the config to reference access-list 23 then you are safe to remove it.

Jon
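The check Jon describes (confirm nothing in the config still references access-list 23 before removing it), as an added example that is not part of the original thread. The running config, the deliberately incomplete cleanup script, the helper names and the list of ACL-binding commands in `REF` are all constructed assumptions.

```python
import re

# Constructed running config, shaped like the SDM defaults discussed in this thread.
RUNNING = """\
ip http server
ip http access-class 23
access-list 23 permit 10.10.10.0 0.0.0.7
line vty 0 4
 access-class 23 in
 login local
line vty 5 15
 access-class 23 in
"""
# Constructed cleanup script that is deliberately incomplete: it forgets vty 5 15.
SCRIPT = """\
no ip http access-class 23
no access-list 23 permit 10.10.10.0 0.0.0.7
line vty 0 4
 no access-class 23 in
"""
# Commands assumed to bind an ACL by number (not an exhaustive list).
REF = re.compile(r"^(?:ip http access-class|access-class|ip access-group) (\S+)")

def parse(config):
    """Yield (parent, command); indented lines belong to the last top-level line."""
    parent = None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw[0].isspace():
            yield parent, cmd
        else:
            parent = cmd
            yield None, cmd

def acl_references(config, acl):
    """Return every (parent, command) that still points at the given ACL."""
    return [(p, c) for p, c in parse(config) if (m := REF.match(c)) and m.group(1) == acl]

def is_defined(config, acl):
    """True while at least one 'access-list <acl> ...' entry remains."""
    return any(p is None and c.startswith(f"access-list {acl} ") for p, c in parse(config))

def apply_negations(config, script):
    """Return config without the lines that a 'no <command>' in script negates."""
    negated = {(p, c[3:]) for p, c in parse(script) if c.startswith("no ")}
    return "".join((" " if p else "") + c + "\n" for p, c in parse(config) if (p, c) not in negated)

if __name__ == "__main__":
    after = apply_negations(RUNNING, SCRIPT)
    print("defined:", is_defined(after, "23"), "still referenced by:", acl_references(after, "23"))
```

Run against the constructed input, the ACL definition is gone but `line vty 5 15` still carries `access-class 23 in`, which is the leftover reference to look for before and after pasting a cleanup script.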

route2null Tue, 05/05/2009 - 21:54

Are you saying you did a "sh run" and saw "no access-list 23 permit 10.10.10.0 0.0.0.7" in the command output?

cisco steps Mon, 05/11/2009 - 10:11

Yes, that is correct!! I was told it is part of the config by default for HTTP access.

cisco steps Mon, 05/11/2009 - 11:04

You are correct, that was not in a config, it was in the copy/paste config, but still, why is that command in there?

Richard Burts Tue, 05/12/2009 - 10:46

The command was in the copy/paste config because there is an access list 23 in the running config which is no longer useful and someone wants to remove it.

SDM will typically insert an access list 23 into the config to authenticate for the vty and for http:

access-list 23 permit 10.10.10.0 0.0.0.7

This allows the addresses which SDM will provide by default to access the router.

Since SDM put the access list into the config, but since your organization chooses (wisely I believe) to not retain them in the config, then it is necessary to remove the access list from the running config. That is why it is in the copy/paste config.

HTH

Rick

cisco steps Mon, 05/11/2009 - 11:06

Sorry, that was not in sh run, I spoke fast. This was in a file that was meant to be pasted to a router.

Thanks
