
acl

cisco steps
Level 1

conf t

no logging console

no banner exec

no banner login

no ip domain name

no ip http server

no ip http access-class 23

no ip http authentication local

no ip http secure-server

no ip http timeout-policy idle 60 life 86400 requests 10000

!

no access-list 23 permit 10.10.10.0 0.0.0.7

!

line vty 0 4

no access-class 23 in

no privilege level 15

no login local

!

line vty 5 15

no access-class 23 in

no privilege level 15

no login local

=========================================

I was checking our network config on one of the routers and I saw

no access-list 23 permit 10.10.10.0 0.0.0.7

Why is there a "NO" in front of the ACL? Can someone explain, please?

Thanks

9 Replies

Collin Clark
VIP Alumni

no simply removes the ACE/ACL.

Thanks Collin,

So it is safe to take the command out of the config. If there is no ACL, there is no reason to leave that line in the config, is that right?

Thanks again

"if there is no ACL, there is no reason to leave that line in the config is that right ?"

Correct. If there is nothing left in the config to reference access-list 23 then you are safe to remove it.

Jon

route2null
Level 1

Are you saying you did a "sh run" and saw "no access-list 23 permit 10.10.10.0 0.0.0.7" in the command output?

Yes, that is correct!! I was told it is part of the config by default for HTTP access.

That is not show run output. That is config to copy & paste from a file.

You are correct, that was not in a config, it was in the copy/paste config, but still, why is that command in there?

The command was in the copy/paste config because there is an access list 23 in the running config which is no longer useful and someone wants to remove it.

SDM will typically insert an access list 23 into the config to authenticate for the vty and for http:

access-list 23 permit 10.10.10.0 0.0.0.7

this allows the addresses which SDM will provide by default to access the router.

Since SDM put the access list into the config, but your organization chooses (wisely I believe) to not retain them in the config, it is necessary to remove the access list from the running config. That is why it is in the copy/paste config.

HTH

Rick


Sorry, that was not in sh run, I spoke too fast. This was in a file that was meant to be pasted to a router.

Thanks
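An added example, not part of the thread and not Cisco code: a Python sketch of the check Jon's reply describes, confirming that nothing still references access-list 23 once the "no" lines from a paste file are applied. Both sample configs are constructed from the commands quoted in the thread, and treating "!" as the end of a line sub-mode is a simplifying assumption about the file layout.

```python
import re

# Constructed sample: running config carrying the SDM defaults quoted in the thread.
RUNNING = """\
ip http server
ip http access-class 23
access-list 23 permit 10.10.10.0 0.0.0.7
line vty 0 4
 access-class 23 in
 login local
line vty 5 15
 access-class 23 in
 login local
"""

# Constructed paste file that forgets the second vty range.
CLEANUP = """\
no ip http access-class 23
no access-list 23 permit 10.10.10.0 0.0.0.7
line vty 0 4
no access-class 23 in
"""

def parse(text):
    """Return (context, command) pairs; context is '' in global mode."""
    pairs, ctx = [], ""
    for raw in text.splitlines():
        cmd = raw.strip()
        if cmd == "!":
            ctx = ""          # assumption: '!' separates sections
        elif cmd.startswith("line "):
            ctx = cmd         # following commands belong to this line range
        elif cmd:
            pairs.append((ctx, cmd))
    return pairs

def remaining_references(running, cleanup, acl):
    """Apply the 'no' lines, then report (definition_gone, dangling references)."""
    removed = {(ctx, cmd[3:]) for ctx, cmd in parse(cleanup) if cmd.startswith("no ")}
    left = [pair for pair in parse(running) if pair not in removed]
    definition_gone = not any(c.startswith(f"access-list {acl} ") for _, c in left)
    ref = re.compile(rf"\baccess-class {acl}\b")  # vty and ip http forms
    return definition_gone, [pair for pair in left if ref.search(pair[1])]

if __name__ == "__main__":
    gone, dangling = remaining_references(RUNNING, CLEANUP, 23)
    print("ACL 23 removed:", gone)
    for ctx, cmd in dangling:
        print("still referenced:", ctx or "(global)", "->", cmd)
```

With the constructed paste file the ACL definition is removed while line vty 5 15 still points at it, which is the case to catch before pasting.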
