RE: delete a item in numbered ACL

From: Ian Stong (istong@stong.org)
Date: Mon Oct 18 2004 - 08:27:41 GMT-3

• Next message: Cecil Jackson: "Re: security workbook"
• Previous message: ccie2be: "Re: delete a item in numbered ACL"
• Maybe in reply to: hktco: "delete a item in numbered ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

It is my understanding that named ACL's allow you to delete or add
individual lines within the ACL.

Thanks,

Ian
www.ccie4u.com
CCIE Lab Rack Rentals and Lab Scenarios

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Monday, October 18, 2004 6:44 AM
To: Brian Dennis; hktco; ccielab@groupstudy.com
Subject: Re: delete a item in numbered ACL

Hi Brian,

With named acl's, is it possible to change the order of acl entries without
redoing the whole list?

Thanks
  ----- Original Message -----
  From: Brian Dennis
  To: ccie2be ; hktco ; ccielab@groupstudy.com
  Sent: Monday, October 18, 2004 12:04 AM
  Subject: RE: delete a item in numbered ACL

  It's actually been around for a long time. Just treat the numbered ACL as
a
named ACL.

  See below:

  Rack1R1#show access-list

  Rack1R1#conf t

  Enter configuration commands, one per line. End with CNTL/Z.

  Rack1R1(config)#access-list 100 permit tcp host 1.1.1.1 any eq 23

  Rack1R1(config)#access-list 100 permit tcp host 1.1.1.1 any eq 80

  Rack1R1(config)#access-list 100 deny tcp host 1.1.1.1 any

  Rack1R1(config)#access-list 100 permit ip any any

  Rack1R1(config)#do show access-list

  Extended IP access list 100

      10 permit tcp host 1.1.1.1 any eq telnet

      20 permit tcp host 1.1.1.1 any eq www

      30 deny tcp host 1.1.1.1 any

      40 permit ip any any

  Rack1R1(config)#ip access-list extended 100

  Rack1R1(config-ext-nacl)#no permit tcp host 1.1.1.1 any eq www

  Rack1R1(config-ext-nacl)#exit

  Rack1R1(config)#do show access-list

  Extended IP access list 100

      10 permit tcp host 1.1.1.1 any eq telnet

      30 deny tcp host 1.1.1.1 any

      40 permit ip any any

  Rack1R1(config)#

  Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)

  bdennis@internetworkexpert.com

  Internetwork Expert, Inc.

  http://www.InternetworkExpert.com

  Toll Free: 877-224-8987

  Direct: 775-745-6404 (Outside the US and Canada)

  -----Original Message-----
  From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
  Sent: Friday, October 15, 2004 8:29 PM
  To: hktco; ccielab@groupstudy.com
  Subject: Re: delete a item in numbered ACL

  Yes, it is true. I don't remember all the details, but if you go to the

  Doc-CD under IOS 12.3, you'll see it under New Features in the IP Services

  section.

 
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/r
elease/122s14/fsaclseq.htm

  HTH, Tim

  ----- Original Message -----

  From: "hktco" <ccnpcert@hotmail.com>

  To: <ccielab@groupstudy.com>

  Sent: Friday, October 15, 2004 8:49 PM

  Subject: delete a item in numbered ACL

> Hi,

>

> Read that items in a numbered ACL can be deleted without taking down the

> entire ACL. Is it true and how?

>

> hktco

>

> _______________________________________________________________________

> Subscription information may be found at:

> http://www.groupstudy.com/list/CCIELab.html

  _______________________________________________________________________

  Subscription information may be found at:

  http://www.groupstudy.com/list/CCIELab.html

• Next message: Cecil Jackson: "Re: security workbook"
• Previous message: ccie2be: "Re: delete a item in numbered ACL"
• Maybe in reply to: hktco: "delete a item in numbered ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:49 GMT-3