New Member

ASA 5500 Access List removal

I do apologise for reposting; however I am still having a few issues.

After removing a capture from the firewall, I am now trying to remove the access-list associated.

However, the below output shows that the access-list is still in fact present on the firewall:

host# sh access-list SL-CAP
access-list SL-CAP; 0 elements
host# conf t
host(config)# clear configure access-list SL-CAP
host(config)# wr
Building configuration...

[OK]
host(config)# end
host# sh run | inc SL-CAP

#no output#

host# sh access-list SL-CAP
access-list SL-CAP; 0 elements

Although it is not really a big problem; it would be nice to resolve and see what is causing this strange behaviour.

Regards

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ASA 5500 Access List removal

If the following doesn't work

conf t

clear config access-list SL-CAP

Then add a few lines of dummy acl to the access-list like

access-l SL-CAP permit icmp any any

access-l SL-CAP deny ip any any

Make sure sh access-l SL-CAP | i elements

shows 2 and then try the same thing again.

clear config access-l SL-CAP

-KS
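
Added example, not part of the thread and not Cisco tooling: a Python check for the condition in the original post, an ACL that `show access-list` still lists with 0 elements although its name is gone from the running configuration, together with the accepted reply's command sequence with the abbreviations expanded. The sample outputs are constructed and the function names are hypothetical.

```python
import re

# ACL summary line in "show access-list" output, e.g. "access-list SL-CAP; 0 elements".
# Per-entry lines ("access-list NAME line 1 ...") have no ';' after the name and are skipped.
ACL_HEADER = re.compile(r"^access-list\s+(\S+);\s+(\d+)\s+elements?\b")

def acl_element_counts(show_access_list):
    """Map each ACL name to the element count reported by 'show access-list'."""
    counts = {}
    for line in show_access_list.splitlines():
        m = ACL_HEADER.match(line.strip())
        if m:
            counts[m.group(1)] = int(m.group(2))
    return counts

def stale_empty_acls(show_access_list, running_config):
    """ACLs reported with 0 elements whose name appears nowhere in the running config
    (the same test as 'sh run | inc NAME' returning nothing in the thread)."""
    config_tokens = set(running_config.split())
    return sorted(name for name, count in acl_element_counts(show_access_list).items()
                  if count == 0 and name not in config_tokens)

def workaround_commands(name):
    """Sequence from the accepted reply: populate the ACL, confirm 2 elements, clear it."""
    return [
        "configure terminal",
        f"access-list {name} permit icmp any any",
        f"access-list {name} deny ip any any",
        f"show access-list {name} | include elements",  # expect "2 elements" before clearing
        f"clear configure access-list {name}",
    ]

# Constructed sample outputs (not captured from a device).
SHOW_ACL = """\
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
access-list OUTSIDE-IN; 2 elements
access-list OUTSIDE-IN line 1 extended permit icmp any any (hitcnt=0)
access-list OUTSIDE-IN line 2 extended deny ip any any (hitcnt=0)
access-list REMARK-ONLY; 0 elements
access-list SL-CAP; 0 elements
"""
RUN_CFG = """\
access-list OUTSIDE-IN extended permit icmp any any
access-list OUTSIDE-IN extended deny ip any any
access-list REMARK-ONLY remark placeholder
access-group OUTSIDE-IN in interface outside
"""

if __name__ == "__main__":
    for acl in stale_empty_acls(SHOW_ACL, RUN_CFG):
        print(acl, *workaround_commands(acl), sep="\n  ")
```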

7 REPLIES
New Member

Re: ASA 5500 Access List removal

Just wondering, why don't you use the "no" prefix for removing the ACL?

New Member

Re: ASA 5500 Access List removal

I believe that using "no" will only remove particular ACL entries as opposed to the ACL itself; forgive me if I am wrong on that.

New Member

Re: ASA 5500 Access List removal

No, in fact you are right, thanks for making me rush to the config guide, but at times there are a few commands that need a system restart to flush out from the NVRAM. Not sure about this particular command. I haven't used the clear configure command; rather, I usually copy the config to a notepad and add a no statement to the ACL (to all if I need to delete the complete ACL).

New Member

Re: ASA 5500 Access List removal

Ok, thank you for the advice!

I will leave this thread open for a little to see if further networking gurus can advise, and as a last resort I will use your method.

Thanks again!

New Member

Re: ASA 5500 Access List removal

Ok, will give that a go

Cheers

New Member

Re: ASA 5500 Access List removal

You my friend, are a star!

That worked perfectly - I take it that an 'empty' access list cannot be removed and will bear this in mind for future and ensure the list is populated.

Thanks again!
