From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Mon Feb 19 2007 - 20:23:01 ART
To remove a dynamic ACL entry you will need to use the "clear
access-template" command. The options in the "clear access-template"
command need to match what is in the dynamic ACL. The "?" doesn't give you
the help you would expect with the "clear access-template" command.
Remember to just type a command out if you think the option should take even
if it doesn't show up with the "?". This is just one of the many commands
that do not show up properly or some at all with the "?".
Here is an example of how to clear a dynamic ACL:
Rack4R1#sho access-list
Extended IP access list 100
10 permit tcp any any eq telnet (26 matches)
20 Dynamic LOCK_KEY permit icmp any any echo
permit icmp host 1.1.1.2 any echo
30 deny ip any any (36 matches)
Rack4R1#
Rack4R1#clear access-template 100 LOCK_KEY host 1.1.1.2 any
Rack4R1#sho access-list
Extended IP access list 100
10 permit tcp any any eq telnet (26 matches)
20 Dynamic LOCK_KEY permit icmp any any echo
30 deny ip any any (66 matches)
Rack4R1#
--Brian Dennis, CCIE4 #2210 (R&S/ISP-Dial/Security/SP) bdennis@internetworkexpert.com Internetwork Expert, Inc. http://www.InternetworkExpert.com Toll Free: 877-224-8987 Direct: 775-745-6404 (Outside the US and Canada)
On 2/19/07 2:46 PM, "Michael Zuo" <mzuo@ixiacom.com> wrote:
> Hi group, > > > > I tried the following to clear an access-template created by a dynamic > access list and it does not work? And the online help is > self-contradicting... very annoying... > > > > Please help, thanks!! > > > > > > > > R1#clear access-tem 100 > > % Incomplete command. > > > > R1#clear access-tem 100 ? > > % Unrecognized command > > R1#clear access-tem ? > > <100-199> IP extended access list > > <2000-2699> IP extended access list (expanded range) > > > > R1#sh ver > > Cisco Internetwork Operating System Software > > IOS (tm) C2600 Software (C2600-J1S3-M), Version 12.3(17b), RELEASE > SOFTWARE (fc2 > > ) > > Technical Support: http://www.cisco.com/techsupport > > Copyright (c) 1986-2006 by cisco Systems, Inc. > > Compiled Mon 06-Mar-06 22:02 by dchih > > Image text-base: 0x80008098, data-base: 0x81A335C8 > > > > ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) > > ROM: C2600 Software (C2600-J1S3-M), Version 12.3(17b), RELEASE SOFTWARE > (fc2) > > > > R1 uptime is 19 hours, 22 minutes > > System returned to ROM by reload > > System image file is "flash:c2600-j1s3-mz.123-17b.bin" > > > > cisco 2610 (MPC860) processor (revision 0x203) with 61440K/4096K bytes > of memory > > . > > Processor board ID JAD04510KWR (1514207935) > > M860 processor: part number 0, mask 49 > > Bridging software. > > X.25 software, Version 3.0.0. > > TN3270 Emulation software. > > 1 Ethernet/IEEE 802.3 interface(s) > > > > R1# > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:47 ART