
What's the proper behavior of Standard ACLs?

Jessie Wu
Cisco Employee

Hi, I have a question regarding the Standard ACL.

If I have 1000 lines of ACEs in a standard ACL, and I remove one ACE from the standard ACL, should this ACL be completely gone? Or should we have the rest of the 999 ACEs still there?

Thanks!

5 Replies

Leo Laohoo
Hall of Fame

How did you remove your ACL?  The safest method is to copy your ACLs to a Notepad/Wordpad and remove the line(s) and then cut-n-paste it back to the appliance.

Say I have configured:

access-list 10 deny 130.0.0.1
access-list 10 deny 120.0.0.1
access-list 10 deny 130.0.1.1
access-list 10 permit any

Then I want to remove the first ACE,

if I do a "no access-list 10 deny   130.0.0.1", it will remove all 4 ACEs, the access-list is completely gone.

Is this expected? Should we have at least the other 3 ACEs left?

Thanks!

If you have access-list 10 and 20, for instance, and when you issue the command "no access-list 10", it will wipe out all access-list 10 only.  Access-list 20 will be left behind.

So I can't just remove the first ACE of this ACL 10? I want to keep the rest of the ACEs in ACL 10 untouched.

Do you mean I should use a different number for each rule?

The second statement for access list 10 will not overwrite the first statement of access list 10, they will coexist.

But removing the 1st statement of access list 10 will remove all statements regarding access list 10?

Thanks!

Ok.  So you want to remove ONE (or more) selected offending line from your ACL.  Let's take your example:


access-list 10 deny 130.0.0.1
access-list 10 deny 120.0.0.1
access-list 10 deny 130.0.1.1
access-list 10 permit  any


Let's say you want to remove "access-list 10 deny 130.0.1.1".  Cut-n-paste your original ACL into a Wordpad or Notepad and you'll wind up with something like this:

conf t
no access-list 10
access-list 10 deny 130.0.0.1
access-list 10 deny 120.0.0.1
access-list 10 permit  any
end
wr


Cut-n-paste everything back into your ACE.
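
Added example (not part of the original replies): a Python helper that generates the paste-back script from the last reply for any numbered ACL, keeping the remaining ACEs in their original order and refusing to proceed if the ACE is not found or nothing would remain. The function name `rebuild_without` and the ACL 20 and ACL 100 lines in the sample config are constructed for illustration.

```python
def rebuild_without(config_text, acl_number, ace_to_remove):
    """Return the IOS commands that recreate a numbered ACL minus one ACE."""
    def norm(line):
        # Collapse spacing differences such as "deny   130.0.0.1".
        return " ".join(line.split())

    # Trailing space stops "access-list 10 " from matching access-list 100.
    prefix = f"access-list {acl_number} "
    target = norm(ace_to_remove)
    if not target.startswith(prefix):
        target = prefix + target  # accept the short form "deny 130.0.1.1"

    # Keep only this ACL's entries, in order: ACLs are evaluated first-match.
    aces = [norm(l) for l in config_text.splitlines() if norm(l).startswith(prefix)]
    if target not in aces:
        raise ValueError(f"ACE not found in access-list {acl_number}: {target}")

    kept = [a for a in aces if a != target]
    if not kept:
        raise ValueError("removing this ACE would leave the ACL empty")

    # Same shape as the script in the reply above: wipe the ACL, then re-add.
    return ["conf t", f"no access-list {acl_number}", *kept, "end", "wr"]


# Sample input: the first four lines are from the thread, the rest are constructed.
SAMPLE_CONFIG = """\
access-list 10 deny   130.0.0.1
access-list 10 deny 120.0.0.1
access-list 10 deny   130.0.1.1
access-list 10 permit  any
access-list 20 permit 10.0.0.0 0.0.0.255
access-list 100 permit ip any any
"""

if __name__ == "__main__":
    print("\n".join(rebuild_without(SAMPLE_CONFIG, 10, "deny 130.0.1.1")))
```

Review the generated lines against the running configuration before pasting them in, since `no access-list 10` removes every entry of that ACL at once.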
