07-17-2007 12:41 AM - edited 07-03-2021 02:21 PM
Hi there,
I was wondering,is there a way to remove a single entry on an access list?
I have this problem that every time i intend to delete a single mac-address i have to delete all, then add the desired mac address.
Any help would be deeply appreciated.
Thank you.
Sincerely,
Jemel
07-18-2007 06:54 AM
i have not dealt with ACL's on a AP before.. But you describe the same behavior seen on a router.. To my knowledge ( someone correct me if im wrong) only the pix and asa appliances allow you to take out individual lines.
By far the easiest way i do it on a router is copy and paste the list into wordpad/word and do a replace on the accesslist name. Then add my change and then paste the ACL back into the device. Bam =) Just dont forget to switch over to the new ACL =) This also allows you to revert back to the previous known good ACL.
07-18-2007 07:23 AM
I believe if you use the WebGUI, you can add and delete single entries.
Look under Security | Advanced Security
You can define a new filter, or point to the existing and edit entries.
I understand there's no technical glory (what I call 'Tech-tosterone')in using the WebGUI versus the CLI, but sometimes you just have to take the easiest path ... ;-}
Good Luck
Scott
07-18-2007 01:23 PM
Hi Jemel,
Suppose following command is configured on your AP:-
dot11 association mac-list 700
The above command shows access-list 700 is being as mac-address authentication list.If you want to remove "000c.412d.14c8" mac address from the list then use the following command:-
(config)# no access-list 700 permit 000c.412d.14c8.
Note:-If you have configured mac-address from GUI and now you are trying to configure it from CLI then you might get the follwing error"filter700 was configured on the interfacedot11radio0 using cli. it must be cleared via cli to ensure proper operation of the web interface";Therefore kindly make changes from CLI or GUI .
Hope this might help you.
Baljeet Singh Saini
08-15-2007 01:11 PM
My issue is slightly different than the original question but I receive the "filter 700 was configured on the interface dot11radio0 using CLI. It must be cleared via CLI to ensure proper operation of the web interface" error if I have been making changes to my MAC filters via GUI, try to apply them but apparently get disconnected from my Internet session (page cannot be displayed), and go back into filter configuration. If you know the commands to clear the CLI interface, I would greatly appreciate it if you would pass that information to me. I have rebuilt the MAC ACLs on a different filter but this is time consuming. I am getting better at configuring the MAC filters via the command line but, with a small business, prefer GUI.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide