From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Mon Jan 23 2006 - 17:24:42 GMT-3
Here is the answer to your question about using a named ACL with the
clear access-template command.
Rack1R5#clear access-template ?
<100-199> IP extended access list
<2000-2699> IP extended access list (expanded range)
Rack1R5#clear access-template
Rack1R5#clear access-template MYACL MYDYNACL host 163.1.5.8 any
^
% Invalid input detected at '^' marker.
Rack1R5#show ip access-list MYACL
Extended IP access list MYACL
10 Dynamic MYDYNACL permit ip any any
permit ip host 163.1.5.8 any (53 matches)
20 permit tcp any any eq telnet
30 deny ip any any log
Rack1R5#
HTH,
Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
-----Original Message-----
From: Leigh Nash [mailto:leigh@net-elite.org]
Sent: Sunday, January 22, 2006 2:49 PM
To: Brian Dennis; 'Cisco certification'
Subject: RE: Clearing dynamic ACL
Thanks Brian,
Your example is a numbered ACL. More specifically, does this work with a
named ACL?
r5#sh access-li
Extended IP access list DYN
10 permit ospf any any (6 matches)
20 permit tcp any any eq telnet (44 matches)
30 Dynamic LOCKKEY permit ip any any
permit ip host 70.0.0.6 any (10 matches) (time left 564)
40 deny ip any any log (9 matches)
r5#clear access-template DYN LOCKKEY host 70.0.0.6 any
^
% Invalid input detected at '^' marker.
Leigh
-----Original Message-----
From: Brian Dennis [mailto:bdennis@internetworkexpert.com]
Sent: Sunday, January 22, 2006 2:13 PM
To: Leigh Nash; Cisco certification
Subject: RE: Clearing dynamic ACL
The options in the "clear access-template" command need to match what is
in the dynamic ACL. The "?" doesn't give you the help you would expect
with the "clear access-template" command. Remember to just type a
command out if you think the option should take even if it doesn't show
up with the "?". This is just one of the many commands that do not show
up properly, or in some cases at all, with the "?".
Here is an example of how to clear a dynamic ACL:
Rack4R1#sho access-list
Extended IP access list 100
10 permit tcp any any eq telnet (26 matches)
20 Dynamic LOCK_KEY permit icmp any any echo
permit icmp host 1.1.1.2 any echo
30 deny ip any any (36 matches)
Rack4R1#
Rack4R1#clear access-template 100 LOCK_KEY host 1.1.1.2 any
Rack4R1#sho access-list
Extended IP access list 100
10 permit tcp any any eq telnet (26 matches)
20 Dynamic LOCK_KEY permit icmp any any echo
30 deny ip any any (66 matches)
Rack4R1#
HTH,
Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Leigh Nash
Sent: Sunday, January 22, 2006 1:21 PM
To: 'Cisco certification'
Subject: Clearing dynamic ACL
Hello all,
I've had no success clearing a dynamic ACL on a 2500/2600.
clear access-template [access-list-number | name] [dynamic-name] [source] [destination]
r5#clear access-template ?
<100-199> IP extended access list
<2000-2699> IP extended access list (expanded range)
r5#clear access-template LOCK
% Invalid input detected at '^' marker.
r6#clear access-template ?
<100-199> IP extended access list
<2000-2699> IP extended access list (expanded range)
r6#clear access-template 101 ?
% Unrecognized command
On the 3550 it seems to work.
Is there something different I can try? Or is the solution to set the
timeout low and just wait? ;)
Thank you,
Leigh
This archive was generated by hypermail 2.1.4 : Wed Feb 01 2006 - 07:45:50 GMT-3