Removing entries from an access-list

abbetech
I'm trying to modify the access-list on my corestack. It is made up of 4 switches, all Cisco Cat3750. This is our main router. I was trying to add entries to the access list for the public wireless; now I have some lines listed twice and two lines I would like to remove. I have tried using no in front of the command but that doesn't work. I could give it a different number and re-enter the list and remove the list from the interface, but I don't want to just leave the lines in there. So, how do I just remove them?

This is what it looks like now:
!
!
access-list 110 permit ip any 10.7.0.0 0.0.255.255
access-list 120 permit ip 10.7.0.0 0.0.255.255 any
access-list 199 permit tcp any host 10.3.50.249 eq www
access-list 199 permit udp any host 10.3.31.240 eq domain
access-list 199 permit udp any host 10.3.31.240 eq bootps
access-list 199 deny   ip any 10.0.0.0 0.255.255.255
access-list 199 permit ip any any
access-list 199 permit tcp any host 10.3.50.250 eq 81
access-list 199 permit tcp any host 10.3.50.255 eq 81
access-list 199 permit tcp any host 10.3.50.226 eq www
access-list 199 permit udp any host 10.3.50.222 eq domain
access-list 199 permit tcp any host 10.3.50.252 eq 81
access-list 199 permit udp any host 10.3.50.240 eq domain
access-list 199 permit udp any host 10.3.50.240 eq bootps

See what I mean, not what I meant to do. Thanks!

Regards,
ABBEtech
enable
no access-list 199
write mem

Re-enter access-list as needed.
With the extended access list you can only add lines to the end of the ACL and you do not have the option to remove individual lines. So you will need to remove the whole ACL (as RPPreacher suggested) and then regenerate the ACL and place it back in.

The only thing is, if you ever need to do this again then you will need to do the same steps over. My suggestion is to use named ACLs, which give you the option to add or remove lines from anywhere in the ACL. They are configured a little differently but take just a few minutes to get used to.

Here is a good link that goes over this
http://www.petri.co.il/csc_edit_cisco_ios_acl_using_line_numbers.htm

Author

Commented:
I tried that
50-CoreStack-1#en
50-CoreStack-1#no access-list 199
                               ^
% Invalid input detected at '^' marker.
But it's still there...
!
!
access-list 110 permit ip any 10.7.0.0 0.0.255.255
access-list 120 permit ip 10.7.0.0 0.0.255.255 any
access-list 199 permit tcp any host 10.3.50.249 eq www
access-list 199 permit udp any host 10.3.31.240 eq domain
access-list 199 permit udp any host 10.3.31.240 eq bootps
access-list 199 deny   ip any 10.0.0.0 0.255.255.255
access-list 199 permit ip any any
access-list 199 permit tcp any host 10.3.50.250 eq 81
access-list 199 permit tcp any host 10.3.50.255 eq 81
access-list 199 permit tcp any host 10.3.50.226 eq www
access-list 199 permit udp any host 10.3.50.222 eq domain
access-list 199 permit tcp any host 10.3.50.252 eq 81
access-list 199 permit udp any host 10.3.50.240 eq domain
access-list 199 permit udp any host 10.3.50.240 eq bootps

I guess I should just recreate the access list and give it a different name, like 198 and reassign it. But I would still like to know how to remove the other lines from my router. I guess they really don't matter...
This failed because you are not in config mode - you need to do "conf t" before issuing the no access-list command.

You are best off using "ip access-list extended ...", as this type of list allows removing single entries from an existing list. Suggest in this case that you create a new list with the required entries, apply the new list as required, then delete the old ones.
I usually copy my ACL into notepad, modify it, delete the old and enter the new.  Pretty simple.

And above is right.  Privilege mode is EN, configuration mode is CONF T

Author

Commented:
Thanks all! I've got the old one removed and will do a little research on the named one so I can add and remove one line at a time. Thanks, you guys are great!
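
Added example (not part of the thread): the named-ACL workflow the replies recommend, written out as an IOS session. The list name PUBLIC-WIFI-IN, the interface Vlan70 and the inbound direction are assumptions, and it assumes an IOS release that supports ACL sequence numbers; the entries are taken from ACL 199 as posted.

```cisco
! Added example. PUBLIC-WIFI-IN, Vlan70 and "in" are assumed, not from the thread.
configure terminal
!
! Build the replacement as a named extended ACL. Entries are evaluated
! top-down and the first match wins, so the specific host permits must sit
! above the broad deny / permit ip any any pair or they are never reached.
ip access-list extended PUBLIC-WIFI-IN
 permit tcp any host 10.3.50.249 eq www
 permit udp any host 10.3.31.240 eq domain
 permit udp any host 10.3.31.240 eq bootps
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
 exit
!
! Applying the new list replaces the old one on that interface and direction
! in a single step, so the interface is never left without a filter.
interface Vlan70
 ip access-group PUBLIC-WIFI-IN in
 exit
!
! Only now delete the old numbered list (this must be done in config mode).
no access-list 199
end
!
! Entries are numbered automatically: 10, 20, 30, 40, 50.
show ip access-lists PUBLIC-WIFI-IN
!
configure terminal
ip access-list extended PUBLIC-WIFI-IN
 ! Remove a single entry by its sequence number.
 no 30
 ! Insert a new entry ahead of the deny at 40 by picking a free number.
 35 permit tcp any host 10.3.50.250 eq 81
 exit
!
! Optional: renumber to 10, 20, 30, ... to leave room for later inserts.
ip access-list resequence PUBLIC-WIFI-IN 10 10
end
!
! Confirm the order and hit counters, then save.
show ip access-lists PUBLIC-WIFI-IN
write memory
```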
