how to remove a single line from access-list

glenn.peters · ‎06-21-2002

I'm trying to figure out how to remove a single line from an

access list when in config mode. I keep reading all this stuff

about using the no form of the access-list command but

that removes the entire access list. Any help is appreciated.

tstevens · ‎06-21-2002

Unfortunately, this cannot be done in IOS right now. As you have discovered, you must remove the ACL & start over.

In my experience, the best way to manage this is to edit the ACL in a text editor, with the first line the "no" form of the command, and then the modified ACL following, and either cut and paste the entries (which may not work well with very large lists) or tftp the ACL up to the router (make sure you have "end" as the final line if you do it this way).

Like this:

no access-list 101

access 101 permit foo

access 101 deny foo

access 101 permit foo

end

Good luck.

donewald · ‎06-22-2002

Using Named ACL s you can delete specific lines.

Example:

Extended IP access list TEST

permit tcp any any

deny udp any any

permit ip any any

7600#conf t

7600(config)#ip access-list ex TEST

7600(config-ext-nacl)#no deny udp any any

7600# sh access-list TEST

Extended IP access list TEST

permit tcp any any

permit ip any any

Removed the udp deny line. Adding lines to this would apply them to the bottom of the list which might not give you desired results. In this case I'd follow tstevens recommendation on the notepad editing.

Hope this helps,

Don

ccc208607 · ‎11-07-2023

Hey body, this command may help you. use "show access-list" to see the entry numbers

ip access-list extended 100
no 50