12-19-2001 12:25 AM - edited 03-01-2019 07:48 PM
question about access-lists...
If I have a network address that I need to allow access into my network and out to them...say for eg: 172.35.45.0 / 26, would the command be 'access-list 20 permit 172.35.45.0 0.0.0.255'? Also, if I need to remove that statement, what command can I use? If I use 'no access-list 20' it will remove that entire access list and group... There are no more commands after that one to remove the single individual access-list entry that I've just inserted. Is there a way to do this on the 2500 router? This is in case the access addition does not work properly and I need to remove it from running-config.
Thanks for any advice...
12-19-2001 09:01 AM
Copy the access list to WordPad or some text file.
Edit the list offline, removing the entry you want.
On the router, delete the old access list with the no command, then re-add the access list and paste the edited access list in at the command prompt.
12-19-2001 09:39 AM
First of all, the Cisco wildcard is 0.0.0.63, NOT 0.0.0.255. The .255 would allow a /24. As far as the access-list editing goes, you can't remove individual entries. You need to make sure you do not have that access-list applied to anything (or if you do, make sure you have a way into that router other than through that access-list). Then do the "no access-list 20" which will remove it from the router. Then re-add the access-list with your desired entries. Remember, all ip access-lists have an explicit "deny all" at the end of them. So be careful when adding/removing them, you may find yourself locked out.
-James Feger
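
An added example, not part of the thread: a short Python script that derives the wildcard mask for the /26 discussed above, shows how much wider 0.0.0.255 matches, and prints the delete-and-re-add command sequence the replies describe. The `10.1.1.0` entry and the helper names are constructed for illustration.

```python
import ipaddress

def acl_entry(acl_id, action, cidr):
    """Render a standard numbered ACL line using the wildcard (inverse) mask."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    return f"access-list {acl_id} {action} {net.network_address} {net.hostmask}"

def matched_range(address, wildcard):
    """First and last address matched by a contiguous address/wildcard pair."""
    addr = int(ipaddress.IPv4Address(address))
    wc = int(ipaddress.IPv4Address(wildcard))
    base = addr & ~wc & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(base)), str(ipaddress.IPv4Address(base | wc))

def rebuild_without(acl_lines, acl_id, unwanted):
    """Commands that replace numbered ACL `acl_id` with its entries minus one."""
    kept = [l.strip() for l in acl_lines if l.strip() and l.strip() != unwanted]
    return [f"no access-list {acl_id}"] + kept

# Constructed sample of the ACL 20 lines as they might appear in running-config.
SAMPLE_ACL = [
    "access-list 20 permit 10.1.1.0 0.0.0.255",
    "access-list 20 permit 172.35.45.0 0.0.0.255",
]

if __name__ == "__main__":
    too_wide = SAMPLE_ACL[1]
    print("0.0.0.255 matches", matched_range("172.35.45.0", "0.0.0.255"))
    print("0.0.0.63  matches", matched_range("172.35.45.0", "0.0.0.63"))
    # Paste only while ACL 20 is not applied, or with another way into the router.
    for cmd in rebuild_without(SAMPLE_ACL, 20, too_wide):
        print(cmd)
    print(acl_entry(20, "permit", "172.35.45.0/26"))
```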