ACL Question

[readyyy]

Hello

In my router at home have the following ACL:

Standard IP access list 45
30 permit 10.X.X.X
10 permit 10.X.X.X
20 permit 10.X.X.X
40 permit any

How can i remove the last line, 40 permit any ?

 

[octavian10]

run the command no access-list 45 and retype it without the permit any statment. Remember when you do this you will reenable the explicit deny statment at the end of any acl. If this were a longer acl you could cut and paste what you wanted to keep using note pad and hyper terminal.

"I hear and I forget. I see and I remember. I do and I understand."
- Confucius (551 BC - 479)

 

[readyyy]

Hello

Thanks for your answer. Is there a possiblity to remove the last entry without removing the whole ACL?

thanks

 

[watchguardmonkey]

NO

 

[NetworksMD]

The only way to remove individual lines in an ACL is to use a named ACL instead of a numbered. Named ACL's will allow you to remove one line.

 

[readyyy]

Thanks Guys

 

[tech1994]

Rather than reinvent the wheel

Some basic ACL info

http://www.ciscohq.com/FAQs/Cisco-FAQs/Basic-How-to-Cisco-Access-Lists-ACLs-.html

----------------------
Cisco Forum | News

http://www.ciscohq.com

 

[intelwizrd]

I kind of have a basic method that I use to not have to keep typing commands in when i need to change an ACL.

I use a TFTP server wich stores copies of my configs.
I update the copy on the TFTP server
connect to the router
copy the config from the TFTP server to the startup config on the router
check the startup config to make sure i grabbed the correct one (i have a bunch of routers to manage)
then i blow the acl(s) away that i need to update
then i copy the start to the run

works like a charm. only problem i have ever had is when i accidentaly applied a config for a 3640 to a 7206. that didnt work so well.

----------------------------
Josh
CCNA, MCSE 2003(in progress)

 

[vipergg]

Incorrect guys he can remove the last line , it is a named acl . conf t , ip access-list standard 45 , this puts you into acl config mode , then just do "no 40 permit any" .

 

[NetworksMD]

Your absolutley right, I didn't pay enough attention to the format, good catch.

 

[readyyy]

Now i'm more confused than before. So what's going on now? Is it possible to remove the line without the whole acl or not? Some say it's possible, and some say it's not possible

 

[KiscoKid]

If you have a standard ACL as you've outlined in your original post, you cannot remove a single line. You will have to remove the entire ACL, modify it and re-apply it.

However if you replace that standard ACL with a named ACL, you can then modify each entry on a line-by-line basis. This would be what I would do esp. for huge ACL's.

 

[vipergg]

What you have is a standard named acl hence the numbers before the entry , follow my instructions in previous note and it should work... You do not have to remove the acl , that is the beauty of the named . In the newer codes 12.2T and above they have basically merged both acls's and you can modify it even if you put it in the old way . When you do a "show access-list and it has those numbers in front you can remove entrys and install entries without removing the list.

 

[vipergg]

Just tried this on 12.2.31 box which is even before 12.2.T and you should be able to remove the line ok . In your case just do a conf t . , ip access-list 45 enter. This will will put you into acl config mode then just do a "no 40 permit any" , exit out then do a show access-list and you will se that it is gone . You can modify even a standard acl by getting into acl config mode . I would say you are running at least 12.2 T code because you do have numbers in front of your acl entries , just try what I described it should work.

 

[vipergg]

Just caught a mistake in the previous post , do a conf t "ip access-list standard 45 " then do a no 40 permit any . Forgot the word standard...

 

[khurams]

´´´´´´´´´´´´remove the last line ´´´´´´´´´´´´

 

[castlesmadeofsand]

Actually, you cannot because it is not a true named access-list. Just kidding. Ha ha ha... %-) %-) %-)

Tim