Possible to remove individual entries from ACL?

GeneralDzur

Hopefully the title explains it all. Can I remove individual entries from an ACL, so I can enter them into a different one w/out having to start over from scratch?

- stephan
 
The best way to achieve what you are asking is to copy the ACL to a text file, remove the access group from the interfaces and then remove the access list. Edit the text file (by removing the offending line) and then paste this back into the configuration and then add the group to the interface again.

Beware though:- If you do not remove the access group from the interface BEFORE removing the access list you may lose connectivity to the router.

Remain positive. The effect on those around you will amaze.
 
So there isn't a way to do it from the console? drat...

Thanks for the warning. I'd already tried the txt method, but if you have a big ACL then it's awfully inconvenient to have to re-enter the whole bloody thing.

- stephan
 
"but if you have a big ACL then it's awfully inconvenient to have to re-enter the whole bloody thing."

I think that's where 'copy' and 'paste' come in (-:

Once you've copied the ACL to your text file, you add/remove the line you want. Then you copy that back into the config of the router via console and you're done.
You don't type out the whole ACL again!

CCNA, CCNP..partly ;)
 
wait...pardon my stupidity...so I can copy & paste the entire thing onto one line (not one by one) and hit 'enter'?

- stephan
 
Yes. If you use Named ACLs, you can remove individual lines but you're still stuck with the complete removal and replacement of the list when you need to add statements (unless you want them appended to the end of the ACL).

I suggest with ACLs/NACLs your first line be a "no access-list 101" followed by the new ACL statements so you get a clean list.

 
Not only can you copy/paste the whole thing in, you can also just tftp the access list, and the router will take it. Another thing you can do is say your primary access list is number 110, you can also have access list number 111 that's a copy of 110, you then modify 111, unbind 110 from the interface and bind 111 to it. This way you're never modifying an active/production access list, and if something doesn't work, you can always go back to the original access list (granted if everything works fine, you'd have to remember to go back to access list 110 and add things that you modified in 111, so that next time you can use 110 without missing additions in 111. Damn, sounds confusing, don't it?)

NACLs are good, you can edit things using sequence (line) numbers
 
I've never done a NACL before; to be honest I've never heard of a NACL until now. What is an example of one?

Also, I have two TFTP programs (Kiwi CatTools, and SolarWinds TFTP Server) but I haven't been able to figure out how to push a file to the router.
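
An added example, not part of the original thread: a named ACL (NACL) edited in place by sequence number, followed by the staged-copy swap described in the replies above. The ACL names, addresses and interface are constructed placeholders, and the example assumes an IOS release that supports ACL entry sequence numbering.

```cisco
! Constructed example: ACL names, addresses and interface are placeholders.
! Assumes an IOS release with ACL entry sequence numbering.
!
! 1. Create a named extended ACL and bind it. Entries are numbered 10, 20, 30, 40.
configure terminal
ip access-list extended EDGE-IN
 permit tcp any host 192.0.2.10 eq 80
 permit tcp any host 192.0.2.10 eq 23
 permit tcp any host 192.0.2.10 eq 443
 deny ip any any log
exit
interface FastEthernet0/0
 ip access-group EDGE-IN in
end
!
! 2. List the entries with their sequence numbers.
show ip access-lists EDGE-IN
!
! 3. Remove only the Telnet entry (sequence 20) and insert an SSH entry at 15.
!    Both changes sit ahead of the final deny at 40, so rule order stays correct.
configure terminal
ip access-list extended EDGE-IN
 no 20
 15 permit tcp any host 192.0.2.10 eq 22
end
!
! 4. Optional: renumber to 10, 20, 30... to leave room for later inserts.
configure terminal
ip access-list resequence EDGE-IN 10 10
end
!
! 5. Staged alternative: build a second ACL, then swap the binding.
!    The new ip access-group replaces the old inbound ACL on the interface,
!    and EDGE-IN is left untouched for rollback.
configure terminal
ip access-list extended EDGE-IN-V2
 permit tcp any host 192.0.2.10 eq 80
 permit tcp any host 192.0.2.10 eq 22
 permit tcp any host 192.0.2.10 eq 443
 deny ip any any log
exit
interface FastEthernet0/0
 ip access-group EDGE-IN-V2 in
end
```

Rolling back from step 5 is a single `ip access-group EDGE-IN in` on the same interface, so the interface is never left without a filter while the list is being changed.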
 