Cisco Support Community
New Member

how to remove a single line from access-list

I'm trying to figure out how to remove a single line from an access list when in config mode. I keep reading all this stuff about using the no form of the access-list command but that removes the entire access list. Any help is appreciated.

2 REPLIES
Cisco Employee

Re: how to remove a single line from access-list

Unfortunately, this cannot be done in IOS right now. As you have discovered, you must remove the ACL & start over.

In my experience, the best way to manage this is to edit the ACL in a text editor, with the first line the "no" form of the command, and then the modified ACL following, and either cut and paste the entries (which may not work well with very large lists) or tftp the ACL up to the router (make sure you have "end" as the final line if you do it this way).

Like this:

    no access-list 101
    access 101 permit foo
    access 101 deny foo
    access 101 permit foo
    end

Good luck.
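The edit-offline workflow from the reply above, as an added example that is not part of the original thread or any Cisco tool: it pulls one numbered list out of a saved configuration, drops a single entry, and emits the replacement file with the "no" form first and "end" last. The function name `rebuild_acl` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: a saved configuration holding the list to edit plus
# a second list that must be left alone.
SAMPLE_CONFIG = """\
access-list 101 permit tcp any any
access-list 101 deny udp any any
access-list 101 permit ip any any
access-list 102 deny udp any any
"""


def rebuild_acl(config_text, acl_number, entry_to_remove):
    """Build the replacement file: the "no" form, the kept entries, then "end"."""
    # Whitespace is required after the number, so list 101 never matches 1010.
    pattern = re.compile(r"^access-list\s+%d\s+(.+)$" % acl_number)
    entries = []
    for line in config_text.splitlines():
        match = pattern.match(line.strip())
        if match:
            # Collapse whitespace so the comparison ignores spacing differences.
            entries.append(" ".join(match.group(1).split()))
    if not entries:
        raise ValueError("access-list %d not found" % acl_number)

    target = " ".join(entry_to_remove.split())
    hits = [i for i, entry in enumerate(entries) if entry == target]
    if len(hits) != 1:
        # Zero or several matches: refuse rather than guess which line was meant.
        raise ValueError("expected exactly one match, found %d" % len(hits))
    del entries[hits[0]]
    if not entries:
        # The output would delete the list and define nothing in its place.
        raise ValueError("refusing to emit an empty access-list")

    script = ["no access-list %d" % acl_number]
    script += ["access-list %d %s" % (acl_number, e) for e in entries]
    script.append("end")  # final line, needed when the file is sent by tftp
    return "\n".join(script) + "\n"


if __name__ == "__main__":
    print(rebuild_acl(SAMPLE_CONFIG, 101, "deny udp any any"), end="")
```

While the generated file is being loaded, an interface that references list 101 is not filtered by the complete list, so review the output first and load it in one operation.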

Silver

Re: how to remove a single line from access-list

Using named ACLs you can delete specific lines.

Example:

    Extended IP access list TEST
        permit tcp any any
        deny udp any any
        permit ip any any

    7600#conf t
    7600(config)#ip access-list ex TEST
    7600(config-ext-nacl)#no deny udp any any
    7600# sh access-list TEST
    Extended IP access list TEST
        permit tcp any any
        permit ip any any

Removed the udp deny line. Adding lines to this would apply them to the bottom of the list, which might not give you the desired results. In this case I'd follow tstevens' recommendation on the notepad editing.

Hope this helps,

Don
