Remove access-list

I purchased a router off ebay, The router has a standard access-list
on s 0 which will not allow me to access it though the s 0. How can I
configure the port with no access-list or arthentication?

 

Go to config mode.
(config)# no access-list #
(config)# interface s0
(config-int)#no access-group #

Doan

 

I recommend the reverse order, if you happen to be coming in through the
interface where the access list is applied.

If you have an interface access-group applied and delete the access-list,
the router will assume the posture of "no access-list == no access." That
is a safeguard: If you accidentally delete an access list **ALL** accesss
is denied. It is presumed that it is preferable to shutdown access than to
inadvertently open a security hole.

This is the voice of experience. If you come in through the protected
interface and delete the access list, you are locked out (D'ohh!!) If you
are changing an access list on a 'hot' network, is is best to do it from the
inside, where the order does not matter, *OR* create a new access-list and
then point the access-group to the new access-list.

 

:If you have an interface access-group applied and delete the access-list,
:the router will assume the posture of "no access-list == no access." That
:is a safeguard: If you accidentally delete an access list **ALL** accesss
:is denied. It is presumed that it is preferable to shutdown access than to
:inadvertently open a security hole.

Was that recently changed, Phillip? Because it wasn't that way
historically.

http://www.cisco.com/en/US/products...on_guide_chapter09186a008007edbf.html#1017069

ip access-group

Usage Guideliness

When you apply an ACL that has not yet been defined to an interface,
the software will act as if the ACL has not been applied to the
interface and will accept all packets. Remember this behavior if you
use undefined ACLs as a means of security in your network.


:This is the voice of experience. If you come in through the protected
:interface and delete the access list, you are locked out (D'ohh!!)

Does that perhaps only apply to vty's?

:If you
:are changing an access list on a 'hot' network, is is best to do it from the
:inside, where the order does not matter, *OR* create a new access-list and
:then point the access-group to the new access-list.

What my mama always told me was that the undefined access-list permits
everything, and that the danger is that if you then go into
config term and start typing in the access-list, then as soon as the
very first line is in place, the "implicit deny all" rule comes into
effect, locking you out if that first line didn't happen to be a
line permitting you access. That's why Sis always recommended
"reload in 5 minutes" and tftp'ing in the complete new access-list
if I didnt want to bother with the access-group switcheroo .

 

I just did some digging: You (and the docs) are correct. My bad. ip
access-group will pass packets in the absence of an access-list.

Thinking back, I think my issue was related to CHANGING a live access list.
where once I edited the list, I managed to lock myself out.

Thanks for correcting my poor memory.

http://www.cisco.com/en/US/products...on_guide_chapter09186a008007edbf.html#1017069

 

Very true. I've done this myself. I am forever indebted to the 'reload in x' command.

 

I am guessing you are able to log in through e0 or console?

enable
sho conf
(under interface serial 0 you will see the offending access-list, copy it to
clipboard or write it down word for word)
conf term
int s0
no <paste the access-list here>
exit
exit
copy run start