question about acl....

[ipothos]

every time that i want to delete an acl entry the result is that all my acl entries are being deleted.

am i doing something wrong??

 

[yemaya]

Hi ipothos,

You have to used Named ACL like this:

ip access-list extended "name here"

ip access-list standard "name here"

 

[plshlpme]

its best to use sequencing if your ios is recent

when you do a show access-lists XX

XX can be a number or a name
it will display your access-list with a sequence number before each line

if you then go into access-list configuration mode

conf t
ip access-list standard/extended XXXX
you can then enter or delete commands based on the sequence...

ie:

Extended IP access list INBOUND
1 deny ip host 62.193.245.94 any
11 deny ip host 66.70.254.242 any
21 deny ip host 59.188.13.135 any
31 deny ip host 69.13.187.1 any
41 deny ip host 164.100.80.142 any
42 deny ip host 59.125.83.127 any
51 deny ip host 200.47.112.149 any
56 deny ip host 124.136.165.109 any (86 matches)
57 deny ip host 211.67.177.81 any (106 matches)
58 deny ip host 211.184.102.65 any (84 matches)
59 deny ip host 135.196.28.10 any (49 matches)
61 deny ip host 64.27.28.229 any
66 deny ip host 124.128.157.98 any (132 matches)
67 deny ip host 58.56.77.61 any (62 matches)
68 deny ip host 61.254.196.80 any (51 matches)
69 deny ip host 210.116.114.53 any (86 matches)

you can then do a
conf t
ip access-list extended INBOUND
no 11


that would delete line 11

on the same token
if you wanted to put another entry in between 42 and 51 you could type
45 deny ip ........ etc


that make sense?
i think sequencing is a very powerfull tool for access-lists and not enough people utilize them...