Cisco Support Community

New Member

Access-list syntax for removing entry

Question about access-lists...

If I have a network address that I need to allow access into my network and out to them...say for eg: / 26, would the command be 'access-list 20 permit'? Also, if I need to remove that statement, what command can I use? If I use 'no access-list 20' it will remove that entire access list and group...There are no more commands after that one to remove the single individual access-list entry that I've just inserted. Is there a way to do this on the 2500 router? This is in case the access addition does not work properly and I need to remove it from running-config.

Thanks for any advice...

New Member

Re: Access-list syntax for removing entry

Copy the access list to WordPad or some text file.

Edit the list offline, removing the entry you want.

On the router, delete the old access list with the no command, then re-add the access list and paste the edited access list in at the command prompt.

New Member

Re: Access-list syntax for removing entry

First of all, the Cisco wildcard is, NOT . The .255 would allow a /24. As far as the access-list editing goes, you can't remove individual entries. You need to make sure you do not have that access-list applied to anything (or if you do, make sure you have a way into that router other than through that access-list). Then do the "no access-list 20" which will remove it from the router. Then re-add the access-list with your desired entries. Remember, all ip access-lists have an explicit "deny all" at the end of them. So be careful when adding/removing them, you may find yourself locked out.

-James Feger
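
The remove-and-rebuild procedure from the replies above, written out as an IOS session with a scheduled reload as a lockout safety net. This is an added example, not part of the original posts. It assumes ACL 20 is applied inbound on Ethernet0, and the addresses are constructed documentation ranges (192.0.2.0/26 with wildcard 0.0.0.63 stands in for the entry being removed).

```cisco
! Constructed example: ACL 20 applied inbound on Ethernet0 (assumption).
! 192.0.2.0/26 and 198.51.100.0/24 are documentation addresses, not from the thread.
! Record the current entries and confirm where the list is applied.
Router# show access-lists 20
Router# show ip interface Ethernet0
! Safety net: reboot to the saved startup-config in 10 minutes if locked out
! (answer "no" if asked to save the modified configuration).
Router# reload in 10
Router# configure terminal
! Detach the list first so a half-pasted list never filters live traffic.
Router(config)# interface Ethernet0
Router(config-if)# no ip access-group 20 in
Router(config-if)# exit
! Remove the whole numbered list.
Router(config)# no access-list 20
! Paste the edited list, leaving out the entry being removed
! (here: access-list 20 permit 192.0.2.0 0.0.0.63).
Router(config)# access-list 20 permit 198.51.100.0 0.0.0.255
! Re-apply the rebuilt list and verify it.
Router(config)# interface Ethernet0
Router(config-if)# ip access-group 20 in
Router(config-if)# end
Router# show access-lists 20
! Access still works: cancel the pending reload, then save.
Router# reload cancel
Router# copy running-config startup-config
```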