
Access-list syntax for removing entry

fernando_paul
Level 1

question about access-lists...

If I have a network address that I need to allow access into my network and out to them, say for example 172.35.45.0/26, would the command be 'access-list 20 permit 172.35.45.0 0.0.0.255'? Also, if I need to remove that statement, what command can I use? If I use 'no access-list 20' it will remove that entire access list and group. There are no more commands after that one to remove the single individual access-list entry that I've just inserted. Is there a way to do this on the 2500 router? This is in case the access addition does not work properly and I need to remove it from running-config.

Thanks for any advice...

2 Replies

millerv
Level 1

Copy the access list to WordPad or some text file.

Edit the list offline, removing the entry you want.

On the router, delete the old access list with the no command, then re-add the access list and paste the edited access list in at the command prompt.

james.feger
Level 1

First of all, the Cisco wildcard is 0.0.0.63, NOT 0.0.0.255. The .255 would allow a /24. As far as the access-list editing goes, you can't remove individual entries. You need to make sure you do not have that access-list applied to anything (or if you do, make sure you have a way into that router other than through that access-list). Then do the "no access-list 20" which will remove it from the router. Then re-add the access-list with your desired entries. Remember, all ip access-lists have an explicit "deny all" at the end of them. So be careful when adding/removing them; you may find yourself locked out.

-James Feger
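
The offline edit both replies describe, as an added Python example that is not from either poster: it derives the wildcard for a prefix, shows which network an address/wildcard pair really matches, and rebuilds the paste block with one entry removed. The function names and the ACL entries other than 172.35.45.0 are constructed for illustration.

```python
import ipaddress

# Constructed sample config: only the 172.35.45.0 entry comes from the thread.
RUNNING_CONFIG = """\
access-list 20 permit 10.1.1.0 0.0.0.255
access-list 20 permit 172.35.45.0 0.0.0.63
access-list 20 permit 192.168.5.0 0.0.0.255
"""

def wildcard_for(prefix):
    """Cisco wildcard (inverse mask) for a CIDR prefix such as 172.35.45.0/26."""
    return str(ipaddress.ip_network(prefix, strict=True).hostmask)

def covered_prefix(address, wildcard):
    """Network actually matched by an 'address wildcard' pair (contiguous masks)."""
    return ipaddress.ip_network(f"{address}/{wildcard}", strict=False)

def rebuild_acl(config_text, number, remove_entry):
    """Return the commands to paste: delete the numbered list, re-add all but one entry."""
    head = f"access-list {number} "  # trailing space keeps list 200 out of list 20
    entries = [" ".join(line.split()) for line in config_text.splitlines()
               if line.strip().startswith(head)]
    target = " ".join(remove_entry.split())
    kept = [e for e in entries if e != target]
    if len(kept) == len(entries):
        raise ValueError("entry not found; nothing to remove")
    # With no permit left, the deny-all at the end of the list blocks everything.
    if not any(e.split()[2] == "permit" for e in kept):
        raise ValueError("no permit entries would remain in the list")
    return [f"no access-list {number}"] + kept

if __name__ == "__main__":
    print(wildcard_for("172.35.45.0/26"))              # wildcard for the /26
    print(covered_prefix("172.35.45.0", "0.0.0.255"))  # what .255 really matches
    print("\n".join(rebuild_acl(
        RUNNING_CONFIG, 20, "access-list 20 permit 172.35.45.0 0.0.0.63")))
```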