Solved

Remove access list statement on HP Procurve

Posted on 2014-04-14
4
2,113 Views
Last Modified: 2014-04-15
How do I remove an access list statement on an HP Procurve 8212zl?  I created the following access list...

HP-E8212zl(config)# ip access-list extended utmredirect
HP-E8212zl(config-ext-nacl)# deny ip 172.16.10.80 0.0.1.255 172.16.0.0 0.0.1.255
HP-E8212zl(config-ext-nacl)# deny ip 172.16.10.80 0.0.1.255 172.16.10.0 0.0.1.255
HP-E8212zl(config-ext-nacl)# deny ip 172.16.10.80 0.0.1.255 172.16.20.0 0.0.1.255

And when I do a show, it looks like this...
HP-E8212zl# sho access-list utmredirect

Access Control Lists

  Name: utmredirect
  Type: Extended
  Applied: No

 SEQ  Entry
-----------------------------------------------------------------------------
 10   Action: deny
      Src IP: 172.16.10.80      Mask: 0.0.1.255         Port(s):
      Dst IP: 172.16.0.0        Mask: 0.0.1.255         Port(s):
      Proto : IP
      TOS   : -                 Precedence: -

 20   Action: deny
      Src IP: 172.16.10.80      Mask: 0.0.1.255         Port(s):
      Dst IP: 172.16.10.0       Mask: 0.0.1.255         Port(s):
      Proto : IP
      TOS   : -                 Precedence: -

 30   Action: deny
      Src IP: 172.16.10.80      Mask: 0.0.1.255         Port(s):
      Dst IP: 172.16.20.0       Mask: 0.0.1.255         Port(s):
      Proto : IP
      TOS   : -                 Precedence: -

My question is, how do I remove these statements because they should have been 172.16.80.0, not 172.16.10.80.  I tried:
no access-list utmredirect 10 deny ip 172.16.10.80 0.0.1.255 172.16.0.0 0.0.1.255
and...
no access-list 10 deny ip 172.16.10.80 0.0.1.255 172.16.0.0 0.0.1.255

And a bunch of other combinations, but can't seem to get the right syntax.  After I remove them, how to I add them back correctly, or should I just remove the access list and then create it again?

Please, no links... I need someone who can tell me how to do this.  I've already searched and have found how to add and remove ACLs, but can't seem to get it to work.

Thanks!
0
Comment
Question by:bpl5000
  • 2
4 Comments
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 250 total points
ID: 39999503
Could it be "no ip access-list <name> " ?
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
ID: 39999519
Try...

ip access-list utmredirect
no deny ip 172.16.10.80 0.0.1.255 172.16.0.0 0.0.1.255
no deny ip 172.16.10.80 0.0.1.255 172.16.10.0 0.0.1.255
no deny ip 172.16.10.80 0.0.1.255 172.16.20.0 0.0.1.255
deny ip 172.16.80.0 0.0.1.255 172.16.0.0 0.0.1.255
deny ip 172.16.80.0 0.0.1.255 172.16.10.0 0.0.1.255
deny ip 172.16.80.0 0.0.1.255 172.16.20.0 0.0.1.255

Open in new window


If that doesn't work, remove the access-list then re-apply.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 40001421
Both "ip access-list utmredirect" and "no ip access-list utmredirect" did not work.  Also, "no access-list utmredirect" failed to work.  So right now I have an access list that I cannot modify or remove.

Ok, finally figured out how to remove it...
no ip access-list extended utmredirect

Had to insert "extended" in the command.  So to get into the address list, I should have done "ip access-list extedned utmredirect".

Thanks for the help!
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40001439
Ah yes, apologies for not copy/paste your original command!

Glad you got it working :-)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (http://en.wikipedia.org/wiki/Vir…
I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question