Solved

Remove access list statement on HP Procurve

Posted on 2014-04-14
4
2,435 Views
Last Modified: 2014-04-15
How do I remove an access list statement on an HP Procurve 8212zl?  I created the following access list...

HP-E8212zl(config)# ip access-list extended utmredirect
HP-E8212zl(config-ext-nacl)# deny ip 172.16.10.80 0.0.1.255 172.16.0.0 0.0.1.255
HP-E8212zl(config-ext-nacl)# deny ip 172.16.10.80 0.0.1.255 172.16.10.0 0.0.1.255
HP-E8212zl(config-ext-nacl)# deny ip 172.16.10.80 0.0.1.255 172.16.20.0 0.0.1.255

And when I do a show, it looks like this...
HP-E8212zl# sho access-list utmredirect

Access Control Lists

  Name: utmredirect
  Type: Extended
  Applied: No

 SEQ  Entry
-----------------------------------------------------------------------------
 10   Action: deny
      Src IP: 172.16.10.80      Mask: 0.0.1.255         Port(s):
      Dst IP: 172.16.0.0        Mask: 0.0.1.255         Port(s):
      Proto : IP
      TOS   : -                 Precedence: -

 20   Action: deny
      Src IP: 172.16.10.80      Mask: 0.0.1.255         Port(s):
      Dst IP: 172.16.10.0       Mask: 0.0.1.255         Port(s):
      Proto : IP
      TOS   : -                 Precedence: -

 30   Action: deny
      Src IP: 172.16.10.80      Mask: 0.0.1.255         Port(s):
      Dst IP: 172.16.20.0       Mask: 0.0.1.255         Port(s):
      Proto : IP
      TOS   : -                 Precedence: -

My question is, how do I remove these statements because they should have been 172.16.80.0, not 172.16.10.80.  I tried:
no access-list utmredirect 10 deny ip 172.16.10.80 0.0.1.255 172.16.0.0 0.0.1.255
and...
no access-list 10 deny ip 172.16.10.80 0.0.1.255 172.16.0.0 0.0.1.255

And a bunch of other combinations, but can't seem to get the right syntax.  After I remove them, how to I add them back correctly, or should I just remove the access list and then create it again?

Please, no links... I need someone who can tell me how to do this.  I've already searched and have found how to add and remove ACLs, but can't seem to get it to work.

Thanks!
0
Comment
Question by:bpl5000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 250 total points
ID: 39999503
Could it be "no ip access-list <name> " ?
0
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
ID: 39999519
Try...

ip access-list utmredirect
no deny ip 172.16.10.80 0.0.1.255 172.16.0.0 0.0.1.255
no deny ip 172.16.10.80 0.0.1.255 172.16.10.0 0.0.1.255
no deny ip 172.16.10.80 0.0.1.255 172.16.20.0 0.0.1.255
deny ip 172.16.80.0 0.0.1.255 172.16.0.0 0.0.1.255
deny ip 172.16.80.0 0.0.1.255 172.16.10.0 0.0.1.255
deny ip 172.16.80.0 0.0.1.255 172.16.20.0 0.0.1.255

Open in new window


If that doesn't work, remove the access-list then re-apply.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 40001421
Both "ip access-list utmredirect" and "no ip access-list utmredirect" did not work.  Also, "no access-list utmredirect" failed to work.  So right now I have an access list that I cannot modify or remove.

Ok, finally figured out how to remove it...
no ip access-list extended utmredirect

Had to insert "extended" in the command.  So to get into the address list, I should have done "ip access-list extedned utmredirect".

Thanks for the help!
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 40001439
Ah yes, apologies for not copy/paste your original command!

Glad you got it working :-)
0

Featured Post

Turn Insights into Action

Communication across every corner of your business is essential to increase the velocity of your application delivery and support pipeline. Automate, standardize, and contextualize your communication processes with xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The worst thing when starting a new job is when the previous Network Administrator left behind no documentation. How do you get into the devices? If you've been in this situation or just accidently mistyped your password, this article will hopefully…
I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (http://en.wikipedia.org/wiki/Vir…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question