delete an entry from the access list...

Discussion in 'Cisco' started by David Butler, Nov 16, 2003.

  1. David Butler

    David Butler Guest

    Can someone tell me how to do this... I've added an extra entry that I don't
    need.
    David Butler, Nov 16, 2003
    #1

  2. David Butler

    Unregistered Guest

    If it is a numbered access list you can't delete a single entry line in
    the access list. What I usually do is write out my access lists in
    Notepad or another text editor and upload them to the router and apply
    them. That way when you need to change one line all you do is edit the
    line in the text editor and reupload it to the router after you have
    removed the old one.

    On the other hand if you use a named access list as opposed to a
    numbered one you can remove lines.

    Pa

    Unregistered, Nov 16, 2003
    #2

  3. In article <3fb767d4$0$12672$>,
    David Butler <> wrote:
    :can someone tell me how to do this... i've added an extra entry that I don't
    :need.

    You don't say what you're using.

    If you are using one of Cisco's routers, then you will have to remove
    the access list and recreate it.

    If you are using a PIX, then you can go into configure mode and
    use 'no ' followed by the entry you want, such as

    no access-list out2in permit udp any any eq netbios-ns
    --
    History is a pile of debris -- Laurie Anderson
    Walter Roberson, Nov 16, 2003
    #3
  4. David Butler

    Scooby Guest

    That's not true about having to remove the access-list on the routers. Yes,
    it was true at one time, but the IOS now supports better management. I
    guess it depends what version of the IOS you are running. Not sure exactly
    when these features were implemented, but here is how it works now...

    Let's say this is your access list:

    access-list 100 permit tcp any host 10.10.10.10 eq www
    access-list 100 permit udp any host 10.10.10.10 eq domain
    access-list 100 permit icmp any any echo-reply
    access-list 100 deny ip any any log

    and you wanted to get rid of the echo-reply line. You'd just type the
    following:

    conf t
    ip access-list ext 100
    no permit icmp any any echo-reply

    Here's also what is really cool. If you do a show ip access-list, it will
    show something like this:

    10 access-list 100 permit tcp any host 10.10.10.10 eq www
    20 access-list 100 permit udp any host 10.10.10.10 eq domain
    30 access-list 100 permit icmp any any echo-reply
    40 access-list 100 deny ip any any log

    Then you can just do

    conf t
    ip access-list ext 100
    no 30

    Once in the access-list edit mode you can also do something like this:

    5 permit udp any any eq bootps

    This would insert the item at the front of the list. These line numbers
    will keep until you reboot and then they will reorg to multiples of 10.





    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:bp8j88$4e3$...
    > In article <3fb767d4$0$12672$>,
    > David Butler <> wrote:
    > :can someone tell me how to do this... i've added an extra entry that I don't
    > :need.
    >
    > You don't say what you're using.
    >
    > If you are using one of Cisco's routers, then you will have to remove
    > the access list and recreate it.
    >
    > If you are using a PIX, then you can go into configure mode and
    > use 'no ' followed by the entry you want, such as
    >
    > no access-list out2in permit udp any any netbios-ns
    > --
    > History is a pile of debris -- Laurie Anderson
    Scooby, Nov 16, 2003
    #4
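The two approaches from posts #3 and #4 as complete IOS sessions, added here as an example that is not part of the thread. ACL 100 mirrors the list in post #4; ACL 101, the interface name FastEthernet0/0 and the inbound direction are assumptions.

```cisco
! Constructed example. ACL 100 mirrors the list in post #4; ACL 101 and
! FastEthernet0/0 (list applied inbound) are assumed names.
!
! --- IOS release with sequenced ACL entries: edit in place ---
show ip access-lists 100
configure terminal
 ip access-list extended 100
  ! delete the echo-reply entry by its sequence number
  no 30
  ! insert a new entry ahead of sequence 10
  5 permit udp any any eq bootps
 end
! entries are now numbered 5, 10, 20, 40; check the order before moving on
show ip access-lists 100
configure terminal
 ! renumber from 10 in steps of 10 to reopen gaps for later inserts
 ip access-list resequence 100 10 10
 end
!
! --- Older IOS release: build the replacement first, then swap ---
! Deleting ACL 100 while the interface still references it leaves the
! interface bound to an undefined list, which filters nothing.
configure terminal
 access-list 101 permit tcp any host 10.10.10.10 eq www
 access-list 101 permit udp any host 10.10.10.10 eq domain
 access-list 101 deny ip any any log
 interface FastEthernet0/0
  ip access-group 101 in
  exit
 no access-list 100
 end
! confirm the interface now points at list 101
show ip interface FastEthernet0/0 | include access list
```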
  5. David Butler

    Richard Deal Guest

    To all,

    The assumption of deleting a specific router ACL entry is no longer true.
    Cisco now supports "sequenced ACLs". This feature was first introduced in
    12.2(14)S and has been integrated into 12.2(15)T and 12.3(2)T. It is now,
    FINALLY, easy to edit ACLs without having to use a text editor!!! It's about
    *?^%$* time Cisco listened to their customers on this one. I've been
    complaining about this ever since ACLs came out in 94.

    Cheers!
    --

    Richard A. Deal

    Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco
    exams on the market (www.quizware.com)

    Author of CCNA Cisco Certified Network Associate Study Guide (Exam 640-801),
    CCNP BCMSN Exam Cram 2, Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP
    Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch
    Configuration Exam Cram

    Visit my home page at http://home.cfl.rr.com/dealgroup/



    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:bp8j88$4e3$...
    > In article <3fb767d4$0$12672$>,
    > David Butler <> wrote:
    > :can someone tell me how to do this... i've added an extra entry that I don't
    > :need.
    >
    > You don't say what you're using.
    >
    > If you are using one of Cisco's routers, then you will have to remove
    > the access list and recreate it.
    >
    > If you are using a PIX, then you can go into configure mode and
    > use 'no ' followed by the entry you want, such as
    >
    > no access-list out2in permit udp any any netbios-ns
    > --
    > History is a pile of debris -- Laurie Anderson
    >
    Richard Deal, Nov 16, 2003
    #5
  6. David Butler

    Oleg Malkov Guest

    Hi,

    You can copy the configuration to a TFTP server, edit it and copy it back to
    your device. Also you can try to use WinAgents IOS Config Editor - it
    contains an embedded TFTP Server and allows you to copy configs using SNMP. Take
    a look at http://www.winagents.com/cisco-config-editor.htm

    --
    Sincerely,
    Oleg Malkov

    WinAgents Software Group


    "David Butler" <> wrote in message
    news:3fb767d4$0$12672$...
    > can someone tell me how to do this... i've added an extra entry that I don't
    > need.
    >
    >
    Oleg Malkov, Nov 18, 2003
    #6