05-05-2009 03:42 AM - edited 03-04-2019 04:38 AM
conf t
no logging console
no banner exec
no banner login
no ip domain name
no ip http server
no ip http access-class 23
no ip http authentication local
no ip http secure-server
no ip http timeout-policy idle 60 life 86400 requests 10000
!
no access-list 23 permit 10.10.10.0 0.0.0.7
!
line vty 0 4
no access-class 23 in
no privilege level 15
no login local
!
line vty 5 15
no access-class 23 in
no privilege level 15
no login local
=========================================
I was checking our network config on one of the routers and I saw
no access-list 23 permit 10.10.10.0 0.0.0.7
Why is there a "NO" in front of the ACL? Can someone explain, please?
Thanks
05-05-2009 05:29 AM
no simply removes the ACE/ACL.
05-05-2009 04:11 PM
Thanks Collin,
So it is safe to take the command out of the config. If there is no ACL, there is no reason to leave that line in the config, is that right?
Thanks again
05-11-2009 11:21 AM
"If there is no ACL, there is no reason to leave that line in the config, is that right?"
Correct. If there is nothing left in the config to reference access-list 23 then you are safe to remove it.
Jon
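Added example, not part of the thread: a simplified Python model of the check described in the reply above, which applies a paste file of "no" commands to a running config and lists any access-class/access-group lines that still point at an ACL with no remaining definition. The running config is constructed, the paste text is abbreviated from the original post, the function names are hypothetical, and only those two reference keywords are matched.

```python
import re

# Constructed running config for illustration (not the poster's router).
RUNNING = """\
ip http access-class 23
!
access-list 23 permit 10.10.10.0 0.0.0.7
!
line vty 0 4
 access-class 23 in
line vty 5 15
 access-class 23 in
!
"""
# Paste file abbreviated from the original post.
PASTE_FULL = """\
no ip http access-class 23
!
no access-list 23 permit 10.10.10.0 0.0.0.7
!
line vty 0 4
no access-class 23 in
!
line vty 5 15
no access-class 23 in
"""
# Same paste with the last vty block left out, to show the failure case.
PASTE_PARTIAL = PASTE_FULL.split("line vty 5 15")[0]

REF = re.compile(r"\b(?:access-class|access-group)\s+(\S+)")
DEF = re.compile(r"^access-list\s+(\S+)")

def parse(text):
    # Return (section, command) pairs; "!" returns to global config mode.
    section, out = "global", []
    for raw in text.splitlines():
        cmd = raw.strip()
        if cmd == "!":
            section = "global"
        elif cmd.startswith(("line ", "interface ")):
            section = cmd
        elif cmd:
            out.append((section, cmd))
    return out

def apply_paste(running, paste):
    # Simplified negation model: "no X" deletes line X in the same section.
    removed = {(s, c[3:]) for s, c in parse(paste) if c.startswith("no ")}
    return [entry for entry in parse(running) if entry not in removed]

def dangling_refs(config):
    # References to an ACL number that has no access-list line left.
    defined = {m.group(1) for _, c in config if (m := DEF.match(c))}
    return [(s, c) for s, c in config if (m := REF.search(c)) and m.group(1) not in defined]
```

With the full paste nothing references access-list 23 afterwards; with the partial paste, `line vty 5 15` is reported as still carrying `access-class 23 in`.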
05-05-2009 09:54 PM
Are you saying you did a "sh run" and saw "no access-list 23 permit 10.10.10.0 0.0.0.7" in the command output?
05-11-2009 10:11 AM
Yes, that is correct! I was told it is part of the config by default for HTTP access.
05-11-2009 10:23 AM
That is not show run output. That is config to copy & paste from a file.
05-11-2009 11:04 AM
You are correct, that was not in a config, it was in the copy/paste config, but still, why is that command in there?
05-12-2009 10:46 AM
The command was in the copy/paste config because there is an access list 23 in the running config which is no longer useful and someone wants to remove it.
SDM will typically insert an access list 23 into the config to authenticate for the vty and for http:
access-list 23 permit 10.10.10.0 0.0.0.7
this allows the addresses which SDM will provide by default to access the router.
Since SDM put the access list into the config, but your organization chooses (wisely, I believe) to not retain them in the config, it is necessary to remove the access list from the running config. That is why it is in the copy/paste config.
HTH
Rick
05-11-2009 11:06 AM
Sorry, that was not in sh run, I spoke too fast. This was in a file that was meant to be pasted to a router.
Thanks