03-11-2010 12:27 PM - edited 03-09-2019 10:51 PM
Hi, I have a question regarding the Standard ACL.
If I have 1000 lines of ACEs in a standard ACL, and I remove one ACE from the standard ACL, should this ACL be completely gone? Or should we have the remaining 999 ACEs still there?
Thanks!
03-11-2010 01:10 PM
How did you remove your ACL? The safest method is to copy your ACLs to a Notepad/Wordpad and remove the line(s) and then cut-n-paste it back to the appliance.
03-11-2010 01:32 PM
Say I have configured:
access-list 10 deny 130.0.0.1
access-list 10 deny 120.0.0.1
access-list 10 deny 130.0.1.1
access-list 10 permit any
Then I want to remove the first ACE,
if I do a "no access-list 10 deny 130.0.0.1", it will remove all 4 ACEs, the access-list is completely gone.
Is this expected? Should we have at least the other 3 ACEs left?
Thanks!
03-11-2010 02:14 PM
If you have access-list 10 and 20, for instance, and when you issue the command "no access-list 10", it will wipe out all access-list 10 only. Access-list 20 will be left behind.
03-11-2010 02:32 PM
So I can't just remove the first ACE of this ACL 10? I want to keep the rest of the ACEs in ACL 10 untouched.
Do you mean I should use a different number for each rule?
The second statement for access list 10 will not overwrite the first statement of access list 10, they will coexist.
But removing the 1st statement of access list 10 will remove all statements regarding access list 10?
Thanks!
03-11-2010 02:41 PM
Ok. So you want to remove ONE (or more) selected offending line from your ACL. Let's take your example:
access-list 10 deny 130.0.0.1
access-list 10 deny 120.0.0.1
access-list 10 deny 130.0.1.1
access-list 10 permit any
Let's say you want to remove "access-list 10 deny 130.0.1.1". Cut-n-paste your original ACL into a Wordpad or Notepad and you'll wind up with something like this:
conf t
no access-list 10
access-list 10 deny 130.0.0.1
access-list 10 deny 120.0.0.1
access-list 10 permit any
end
wr
Cut-n-paste everything back into your ACE.
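The rebuild procedure from the reply above, as an added example that is not part of the original thread: a Python helper that takes the ACL lines copied from the device and emits the paste block with one ACE removed, refusing to produce output unless exactly one line matches. The function names and the `RUNNING` sample are assumptions made for illustration.

```python
# Constructed sample: the ACL 10 lines quoted in the thread.
RUNNING = """\
access-list 10 deny 130.0.0.1
access-list 10 deny 120.0.0.1
access-list 10 deny 130.0.1.1
access-list 10 permit any
"""

def normalize(line):
    """Collapse whitespace so pasted lines compare reliably."""
    return " ".join(line.split())

def build_replacement(config_text, acl_number, ace_to_remove):
    """Return the paste block that re-creates the ACL without one ACE.

    Raises ValueError unless exactly one ACE matches, so a typo never
    yields a block that re-applies the ACL unchanged or drops extra lines.
    """
    # Trailing space keeps "access-list 10 " from matching "access-list 100 ...".
    prefix = f"access-list {acl_number} "
    aces = [normalize(l) for l in config_text.splitlines()
            if normalize(l).startswith(prefix)]
    target = normalize(ace_to_remove)
    hits = aces.count(target)
    if hits != 1:
        raise ValueError(f"expected 1 matching ACE, found {hits}: {target!r}")
    kept = [a for a in aces if a != target]  # original ACE order is preserved
    return "\n".join(
        ["conf t", f"no access-list {acl_number}", *kept, "end", "wr"]
    )

if __name__ == "__main__":
    print(build_replacement(RUNNING, 10, "access-list 10 deny 130.0.1.1"))
```

Compare the printed block against the copied ACL before pasting it back; the order of the remaining ACEs should be unchanged.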