basic ACL command question

Hi all,
I'm not sure if i am simply missing this in my books and the web....but here it goes....

i know in order to remove an extended ACL i can simply put a "no" in front of the statement, i can use this command for example:

router(config)#no access-list 100

-and this deletes the ACL, fine, no problem....

*but* i already applied this to an interface, what i am stumped on is how the heck do i delete it from the int?

I use this command,

router(config)#no ip access-group 100

and its misleading, like its going to remove it but then just gives me a carrot error (after the 100), i've tried this on multiple routers here at work to test it out and the results are the same, my practice sims are even more limited.........(when i do a sh run, I still see the ACL applied to the E0 in)

am i missing something? i thought i was on the right track.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

malcybood

phatsoundz wrote:

Hi all,
I'm not sure if i am simply missing this in my books and the web....but here it goes....

i know in order to remove an extended ACL i can simply put a "no" in front of the statement, i can use this command for example:

router(config)#no access-list 100

-and this deletes the ACL, fine, no problem....

*but* i already applied this to an interface, what i am stumped on is how the heck do i delete it from the int?

I use this command,

router(config)#no ip access-group 100

and its misleading, like its going to remove it but then just gives me a carrot error (after the 100), i've tried this on multiple routers here at work to test it out and the results are the same, my practice sims are even more limited.........(when i do a sh run, I still see the ACL applied to the E0 in)

am i missing something? i thought i was on the right track.

You're nearly there, all you need to do is go into the interface and apply the no ip access-group command

Remove ACL
router(config)#no access-list 100

Remove from int
router(config)#int eth 0
router(config-if)#no ip access-group 100 in

Just read up a bit more about the different interface modes

tech-airman

phatsoundz wrote:

Hi all,
I'm not sure if i am simply missing this in my books and the web....but here it goes....

i know in order to remove an extended ACL i can simply put a "no" in front of the statement, i can use this command for example:

router(config)#no access-list 100

-and this deletes the ACL, fine, no problem....

*but* i already applied this to an interface, what i am stumped on is how the heck do i delete it from the int?

I use this command,

router(config)#no ip access-group 100

and its misleading, like its going to remove it but then just gives me a carrot error (after the 100), i've tried this on multiple routers here at work to test it out and the results are the same, my practice sims are even more limited.........(when i do a sh run, I still see the ACL applied to the E0 in)

am i missing something? i thought i was on the right track.

phatsoundz,

Here's how to remove the access list from your E0 interface:

> enable
# config t
(config)# int e0
(config-if)# no ip access-group 100 in
(config-if)# exit
(config)# exit
#

Yes, you were on the right track. However, you had to "ride the train all the way to the train station platform." The reason for your "...carrot error (after the 100)..." is because you were missing the word "in" after "no ip access-group 100." The reason why "in" was the missing word because you stated "...(when i do a sh run, I still see the ACL applied to the E0 in)..."

I hope this helps.

blackmage439

Phatsoundz,

Everyone above gave you the perfect answer. I'll just go a step farther and say that you need enter which direction the access list is applied when removing the line from an interface (either "in" or "out").

The nicest thing about Cisco's CLI is you can always type a "?" while entering a command to give you a list of possible options of what to type next, if you're stumped. Plus, if you type the question mark and it gives you the error message "command not recognized", you know you either entered the command in the wrong mode, or you made a typo somewhere along the line.

Just out of curiosity, are you taking courses for the CCNA? Or just doing self-study?

keenon

in the future you need to remove the acl from the interface first before killing the actual access-list or you will learn the lesson of all lessons..

I haven't done it but i know many that have

phatsoundz

keenon wrote:

in the future you need to remove the acl from the interface first before killing the actual access-list or you will learn the lesson of all lessons..

I haven't done it but i know many that have

the folks above are helpful, and i believe what u say may be the key to my question.......i must kill it from the int first BEFORE blowing away the ACL.....

-the problem i have been having is that the ACL will remain on the interface...but i couldnt remove it from the int only......i think this is due to my blowing away the ACL before blowing away the int ACL?

I'm currently self studying to get CCNA(to answer another question above)

Thanks guys!