Cisco 7200 router & access-list

ccrespoh
Level 1

Hello,

Maybe this question is nonsense, but I have not found any answer to it in the manuals I've looked up.

I've got an access-list in a Cisco 7200 router and I want to erase one entry of that access-list. I've tried with the 'no' command, but the result was to erase *all* the access-list and not only the entry I wanted to delete.

How can I erase one entry from an access-list without affecting the rest of the "rules" of that access-list?

Thanks in advance.

4 Replies

p.mcgowan
Level 3

The only way to do this is by doing the following:

Type show run, copy the access-list you want to modify, then paste it into Notepad. Remove the entry you want from the access-list. Add a new line at the start of the access line that says no access-list 101, then copy and paste the new edited access list back into the router.

E.G.

old access-list

access-list 101 permit ip 10.10.10.0 0.0.0.255 any

access-list 101 permit ip 20.20.20.0 0.0.0.255 any

access-list 101 deny ip any any

new access-list

no access-list 101

access-list 101 permit ip 20.20.20.0 0.0.0.255 any

access-list 101 deny ip any any

It's a pain, but it's the only way of doing it.

Hello,

Thanks for your answer. I thought that was the only way, but I wasn't sure.

And what happens if you are connected to the router "through" the access-list you are modifying? Are you disconnected or not?

Thanks, again.

If you delete an access-list, the interface that it is operating upon now has no access-list on it. It will therefore allow all traffic through. It is not really a good idea to alter access-lists on a router via telnet, as you may accidentally remove your access. If you put on an access-list that accidentally cuts your connection, reboot the router before you have saved the config and the router will return to the previous configuration listed in the startup-config. It is always fun doing things remotely, especially when you have to phone up the end customer and politely ask them to power reset the device just so that you can get back into it.

Cheers,

Steve

Hi all,

There is a new feature beginning with IOS 12.2(14)S. It sequences the lines in an access-list, and you can add or delete a line from the access-list with the sequence number. You don't have to use the traditional long way anymore (which is to delete the complete access-list, make changes and put it back again). It seems very useful. Check it: http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1838/products_feature_guide09186a0080134a60.html

Hope this helps.
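The sequence-number edit described in the last reply, combined with the reboot-before-saving fallback from the earlier reply, as an added example that is not part of the original posts. It assumes an IOS release with ACL sequencing; ACL 101 and its entries are the ones from the thread, the `show` output is constructed for illustration, and confirmation prompts are omitted.

```cisco
! Added illustration, not from the original thread.
! Safety net when working remotely: schedule a reload so that an unsaved
! change that cuts your session is discarded when the router restarts
! from startup-config.
Router# reload in 10

! List the entries with their sequence numbers
! (constructed output; numbering starts at 10 in steps of 10 by default).
Router# show ip access-lists 101
Extended IP access list 101
    10 permit ip 10.10.10.0 0.0.0.255 any
    20 permit ip 20.20.20.0 0.0.0.255 any
    30 deny ip any any

! Enter ACL configuration mode for the numbered list and remove only entry 10.
! The list stays applied to its interface throughout, so there is no window
! in which the interface runs without an access-list.
Router# configure terminal
Router(config)# ip access-list extended 101
Router(config-ext-nacl)# no 10
Router(config-ext-nacl)# end

! Verify that the remaining entries are intact (constructed output).
Router# show ip access-lists 101
Extended IP access list 101
    20 permit ip 20.20.20.0 0.0.0.255 any
    30 deny ip any any

! Still connected: cancel the scheduled reload, then save the change.
Router# reload cancel
Router# copy running-config startup-config
```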
