Removing entries from access-lists

2lazybutsmart

If you add so much information into an access-list, is it possible to delete just a single entry?

It has been very smooth for me today untill I accidently tried to remove a "deny" I added by mistake. Boom. the whole access-list went down the drain and I had to start the whole process from zero.

Does anybody know how I can get over this problem?

Thanks.

2lbs.

mwgood

I'm not absolutely certain about this - so be sure to double check it... but, if I remember correctly, you can delete single entries for a named access list only. For standard or extended lists, you must start the list over from the beginning if you need to delete an entry.

-Mike

Webmaster

Probably the most convenient method in scenarios where you have to maintain large lists is to copy the config using TFTP, and than edit the configuration file in notepad and overwrite the current config with it by copying it from TFTP to the router.

forbesl

2lazybutsmart wrote:

Does anybody know how I can get over this problem?

Thanks.

2lbs.

I keep a text file of every access list for every router I manage. When I need to make an addition/deletion, it's a simple matter of editing the text file and either TFTP'ing it (for my remote devices) or a just copy and paste (for my local devices) into the config. If it's a real large list, I suggest always TFTP'ing it.

The first two lines in the text file(s) removes the list from the interface it's applied to, the next line removes the access list, and the rest of it reapplies the entire access list to the router along with the addition/deletion I've made. The last two lines reapply the access list to the interface.

CiscoWorks ACL Manager will let you add/delete one line at a time. We have it, but I don't use it.