Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
20207
Views
15
Helpful
8
Replies

Deleting ACL

yee.lay.yo
Level 1
Level 1

‎07-20-2008 07:24 PM - edited ‎03-03-2019 10:49 PM

Hi All,

How can I remove single ACL line from my ACL list?

Labels:
0 Helpful
8 Replies 8

Edison Ortiz
Hall of Fame
Hall of Fame

‎07-20-2008 08:02 PM

Let's take this ACL as an example:

R2#sh ip access-lists

Extended IP access list 101

10 permit ip host 1.1.1.1 host 2.2.2.2

20 permit ip host 1.1.1.1 host 3.3.3.3

30 permit ip host 1.1.1.1 host 4.4.4.4

You noticed how the output has a number from 10 to 30 on each ACE?

Now, let's say I want to knock out line number 20.

R2(config)#ip access-list extended 101

R2(config-ext-nacl)#no 20 permit ip host 1.1.1.1 host 3.3.3.3

R2(config-ext-nacl)#end

R2#sh ip access-lists

Extended IP access list 101

10 permit ip host 1.1.1.1 host 2.2.2.2

30 permit ip host 1.1.1.1 host 4.4.4.4

HTH,

__

Edison.

Please rate helpful posts

jamesl0112
Level 1
Level 1
In response to Edison Ortiz

‎07-21-2008 12:06 AM

Edison,

That's pretty handy - I didn't know you could edit a numbered ACL as if it was a named ACL.

0 Helpful

gilbertktaylor43922
Level 1
Level 1
In response to Edison Ortiz

‎01-30-2021 06:36 AM

Hi Edison,

That's a great post. One of the most succinct I've seen.

Thanks,

Gilbert

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni

‎07-20-2008 08:04 PM

When you edit an ACL, it requires special attention. For example, if you intend to delete a specific line from a numbered ACL that exists as shown here, the entire ACL is deleted

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#editacls

Rate if helpful

0 Helpful

gojericho0
Level 1
Level 1
In response to Marwan ALshawi

‎07-21-2008 07:16 AM

Also, i believe you need at least version 12.3 of the IOS in order to delete numbered access-lists line by line

0 Helpful

AJAZ NAWAZ
Level 5
Level 5
In response to gojericho0

‎07-21-2008 08:47 AM

just tested on 65k with 12.2 - all good. I suspect this method has been available for longtime, it's just been hidden (not to be confused with 'hidden' commands).

Ajaz

0 Helpful

yee.lay.yo
Level 1
Level 1

‎07-21-2008 06:07 PM

Hi Edison,

The problem fix by your instruction.

Thanks a lot.

0 Helpful

paul driver
VIP
VIP
In response to yee.lay.yo

‎01-30-2021 07:12 AM - edited ‎01-30-2021 07:14 AM

Hello
Just like to add you should be able to do this even with standard numbered acls and also be able to just to specify the ace number when deleting or adding an ace

Example1:

access-list 10 permit 10.10.10.0
access-list 10 permit 20.10.10.0

sh access-lists
Standard IP access list 10
10 permit 10.10.10.0
20 permit 20.10.10.0

ip access-list standard 10
no 20
20 permit  20.20.20.0

 

Example2:
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 101 permit ip 20.10.10.0 0.0.0.255 any


sh access-lists

Extended IP access list 101
10 permit ip 10.10.10.0 0.0.0.255 any
20 permit ip 20.10.10.0 0.0.0.255 any

ip access-list extended 101
no 20
20 permit  ip 20.20.20.0 0.0.0.255 any


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card