basic ACL command question

phatsoundz Member Posts: 34
Hi all,
I'm not sure if I am simply missing this in my books and the web....but here it goes....

I know in order to remove an extended ACL I can simply put a "no" in front of the statement, I can use this command for example:

router(config)#no access-list 100

-and this deletes the ACL, fine, no problem....

*but* I already applied this to an interface, what I am stumped on is how the heck do I delete it from the int?

I use this command,

router(config)#no ip access-group 100

and it's misleading, like it's going to remove it but then just gives me a caret error (after the 100), I've tried this on multiple routers here at work to test it out and the results are the same, my practice sims are even more limited.........(when I do a sh run, I still see the ACL applied to the E0 in)

Am I missing something? I thought I was on the right track.

Comments

  • malcybood Member Posts: 900
    You're nearly there, all you need to do is go into the interface and apply the no ip access-group command

    Remove ACL
    router(config)#no access-list 100

    Remove from int
    router(config)#int eth 0
    router(config-if)#no ip access-group 100 in

    Just read up a bit more about the different interface modes :D
  • tech-airman Member Posts: 953
    phatsoundz,

    Here's how to remove the access list from your E0 interface:
    1. > enable
    2. # config t
    3. (config)# int e0
    4. (config-if)# no ip access-group 100 in
    5. (config-if)# exit
    6. (config)# exit
    7. #

    Yes, you were on the right track. However, you had to "ride the train all the way to the train station platform." The reason for your "...caret error (after the 100)..." is because you were missing the word "in" after "no ip access-group 100." The reason why "in" was the missing word is because you stated "...(when I do a sh run, I still see the ACL applied to the E0 in)..."

    I hope this helps.
  • blackmage439 Member Posts: 163
    Phatsoundz,

    Everyone above gave you the perfect answer. I'll just go a step farther and say that you need to enter which direction the access list is applied when removing the line from an interface (either "in" or "out").

    The nicest thing about Cisco's CLI is you can always type a "?" while entering a command to give you a list of possible options of what to type next, if you're stumped. Plus, if you type the question mark and it gives you the error message "command not recognized", you know you either entered the command in the wrong mode, or you made a typo somewhere along the line.

    Just out of curiosity, are you taking courses for the CCNA? Or just doing self-study?
    "Facts are meaningless. They can be used to prove anything!"
    - Homer Simpson
  • keenon Member Posts: 1,922
    in the future you need to remove the acl from the interface first before killing the actual access-list or you will learn the lesson of all lessons..

    I haven't done it but I know many that have
    Become the stainless steel sharp knife in a drawer full of rusty spoons
  • phatsoundz Member Posts: 34
    keenon wrote:
    in the future you need to remove the acl from the interface first before killing the actual access-list or you will learn the lesson of all lessons..

    I haven't done it but I know many that have

    The folks above are helpful, and I believe what you say may be the key to my question.......I must kill it from the int first BEFORE blowing away the ACL.....

    -the problem I have been having is that the ACL will remain on the interface...but I couldn't remove it from the int only......I think this is due to my blowing away the ACL before blowing away the int ACL?

    I'm currently self-studying to get CCNA (to answer another question above)

    Thanks guys!
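
The situation the thread ends on (ACL 100 deleted globally while `ip access-group 100 in` is still on E0) can be checked for offline in a saved `sh run`. The following is an added example, not code from any poster: it lists interface ACL references that have no matching definition and builds the interface-mode removal commands with the direction included. The sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): ACL 100 deleted, still applied on Ethernet0.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 100 in
!
interface Serial0
 ip access-group 10 out
!
access-list 10 permit 192.0.2.0 0.0.0.255
"""

DEFINED_RE = re.compile(r"^(?:access-list\s+(\S+)|ip access-list\s+(?:standard|extended)\s+(\S+))")
APPLIED_RE = re.compile(r"^\s+ip access-group\s+(\S+)\s+(in|out)\b")
INTERFACE_RE = re.compile(r"^interface\s+(\S+)")


def find_dangling(config):
    """Return (interface, acl, direction) for each applied ACL with no definition."""
    defined, applied, current = set(), [], None
    for line in config.splitlines():
        m = INTERFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if line and not line[0].isspace():
            current = None  # a top-level line ends the interface block
            m = DEFINED_RE.match(line)
            if m:
                defined.add(m.group(1) or m.group(2))
            continue
        m = APPLIED_RE.match(line)
        if m and current:
            applied.append((current, m.group(1), m.group(2)))
    # Definitions usually follow the interfaces in the config, so compare at the end.
    return [a for a in applied if a[1] not in defined]


def removal_commands(dangling):
    """Build the interface-mode commands, direction included, to detach each ACL."""
    cmds = []
    for iface, acl, direction in dangling:
        cmds += [f"interface {iface}", f" no ip access-group {acl} {direction}"]
    return cmds


if __name__ == "__main__":
    print("\n".join(removal_commands(find_dangling(SAMPLE_CONFIG))))
```
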