Cisco Systems Editing access-list

Subject Author Date
Editing access-list Tom Linden 06-11-08
Posted by Tom Linden on June 11, 2008, 5:36 pm
Sorry if this sounds trivial
but I have what appears to be an error in an access-list
and I couldn't see how to delete one line

access-list 101 deny ip 255.0.0.0 0.255.255.255 any
access-list 101 deny ip any 255.0.0.0 0.255.255.255

The second line is surely wrong and must have come about
from a cut and paste operation.
--
PL/I for OpenVMS
www.kednos.com

Posted by News Reader on June 11, 2008, 6:20 pm
Tom Linden wrote:
> Sorry if this sounds trivial
> but I have what appears to be an error in an access-list
> and I couldn't see how to delete one line
>
> access-list 101 deny ip 255.0.0.0 0.255.255.255 any
> access-list 101 deny ip any 255.0.0.0 0.255.255.255
>
> The second line is surely wrong and must have come about
> from a cut and paste operation.

sh access-list 101

Note the sequence numbers beside the ACEs (they probably start at 10,
and increment by 10's).

Let's assume you saw this:

10 deny ip 255.0.0.0 0.255.255.255 any
20 deny ip any 255.0.0.0 0.255.255.255

If you wanted to delete the ACE with sequence # 20:

hostname # config t
hostname(config) # ip access-list extended 101
hostname(config-ext-nacl) # no 20

... and if you wanted to resequence the ACEs:

hostname(config-ext-nacl) # exit
hostname(config) # ip access-list resequence 101 10 10

This would resequence the ACEs in access-list 101, starting at 10, and
incrementing by 10.


sh access-list 101 would verify that the undesirable ACE was removed,
but note that another ACE will now have sequence # 20 due to the
resequencing performed.


Best Regards,
News Reader
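
The steps in the reply above, as an added example that is not part of the original thread: a Python helper that reads `sh access-list` output, finds the unwanted ACE by its text rather than by a remembered sequence number, and returns the commands from the reply together with the ACL expected after resequencing. The function names, the third ACE and the match counter in the sample output are assumptions made for illustration.

```python
import re

# Constructed sample of `sh access-list 101` output. The first two ACEs are the
# ones from the thread; the third ACE and the match counter are made up.
SAMPLE_OUTPUT = """\
Extended IP access list 101
    10 deny ip 255.0.0.0 0.255.255.255 any
    20 deny ip any 255.0.0.0 0.255.255.255 (12 matches)
    30 permit ip any any
"""

# Sequence number, ACE text, optional trailing "(N matches)" counter.
ACE_RE = re.compile(r"^\s*(\d+)\s+(.+?)(?:\s+\(\d+ match(?:es)?\))?\s*$")

def parse_aces(show_output):
    """Return [(sequence, ace_text)] from `show access-list` output."""
    aces = []
    for line in show_output.splitlines():
        m = ACE_RE.match(line)
        if m:
            aces.append((int(m.group(1)), " ".join(m.group(2).split())))
    return aces

def resequence(aces, start=10, step=10):
    """Model `ip access-list resequence`: order is kept, numbers are reassigned."""
    return [(start + i * step, text) for i, (_, text) in enumerate(aces)]

def plan_removal(show_output, acl, unwanted, start=10, step=10):
    """Commands removing the ACE whose text is `unwanted`, and the expected ACL afterwards.
    Looking the number up by text avoids deleting the wrong ACE with a stale number."""
    aces = parse_aces(show_output)
    wanted = " ".join(unwanted.split())
    hits = [seq for seq, text in aces if text == wanted]
    if len(hits) != 1:
        raise ValueError(f"expected exactly one matching ACE, found {len(hits)}")
    commands = [
        "config t",
        f"ip access-list extended {acl}",
        f"no {hits[0]}",
        "exit",
        f"ip access-list resequence {acl} {start} {step}",
    ]
    remaining = [(s, t) for s, t in aces if s != hits[0]]
    return commands, resequence(remaining, start, step)

if __name__ == "__main__":
    cmds, after = plan_removal(SAMPLE_OUTPUT, 101, "deny ip any 255.0.0.0 0.255.255.255")
    print("\n".join(cmds), *after, sep="\n")
```

Comparing the returned list with a fresh `sh access-list 101` after the change confirms that only the intended ACE was removed.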

Posted by Tom Linden on June 11, 2008, 6:34 pm

Thanks, I will squirrel that away. I discovered that cut and paste works
fine as long as you don't use Hyperterm. I used PuTTY connected to OpenVMS
running DECWindows with router console connection through a Xyplex
terminal server.


> Tom Linden wrote:
>> Sorry if this sounds trivial
>> but I have what appears to be an error in an access-list
>> and I couldn't see how to delete one line
>> access-list 101 deny ip 255.0.0.0 0.255.255.255 any
>> access-list 101 deny ip any 255.0.0.0 0.255.255.255
>> The second line is surely wrong and must have come about
>> from a cut and paste operation.
>
> sh access-list 101
>
> Note the sequence numbers beside the ACEs (they probably start at 10,
> and increment by 10's).
>
> Lets assume you saw this:
>
> 10 deny ip 255.0.0.0 0.255.255.255 any
> 20 deny ip any 255.0.0.0 0.255.255.255
>
> If you wanted to delete the ACE with sequence # 20:
>
> hostname # config t
> hostname(config) # ip access-list extended 101
> hostname(config-ext-nacl) # no 20
>
> ... and if you wanted to resequence the ACEs:
>
> hostname(config-ext-nacl) exit
> hostname(config) # ip access-list resequence 101 10 10
>
> This would resequence the ACEs in access-list 101, starting at 10, and
> incrementing by 10.
>
>
> sh access-list 101 would verify that the undesirable ACE was removed,
> but note that another ACE will now have sequence # 20 due to the
> resequencing performed.
>
>
> Best Regards,
> News Reader



--
PL/I for OpenVMS
www.kednos.com
