Remove named access list Cisco
Let's say I have an access-list 1 with 5 permits, and I would like to delete the third permit listing. I know that I can simply do "no 30". However, can I confirm that I can use the "no access-list 1 permit host 192.168.1.1" command in global configuration mode, or the "no access-list 1" global configuration command, and then re-enter the other 4 access-list entries?
The named ACL feature allows you to identify standard and extended IP ACLs with an alphanumeric string (name) instead of the numeric representations. Named IP ACLs allow you to delete individual entries in a specific ACL. If you are using Cisco IOS Release 12.3, you can use sequence numbers to insert statements anywhere in the named ACL. If you are using a software version earlier than Cisco IOS Release 12.3, you can insert statements only at the bottom of the named ACL. Because you can delete individual entries with named ACLs, you can modify your ACL without having to delete and then reconfigure the entire ACL. Use named IP ACLs when you want to identify ACLs intuitively.

Creating Named Standard IP ACLs

The following list shows the steps that are required to configure and apply a named standard IP ACL on a router:

Step 1 Define a standard named IPv4 ACL. Use the ip access-list standard global configuration command:

    RouterX(config)# ip access-list standard name

Define the list using a unique name. A descriptive name can be helpful when examining the configuration of the router.

Step 2 Enter one of the following commands to establish test parameters:

    RouterX(config-std-nacl)# [sequence-number] deny {source [source-wildcard] | any}
    RouterX(config-std-nacl)# [sequence-number] permit {source [source-wildcard] | any}

In access list configuration mode, specify one or more conditions to be permitted or denied. This determines whether the packet is passed or dropped. You can also use the sequence number to place the test parameter in a specific location within the list.

Step 3 Exit from named access list configuration mode:

    RouterX(config-std-nacl)# exit
    RouterX(config)#

Step 4 Select a desired interface to be configured. Use the interface global configuration command:

    RouterX(config)# interface ethernet 0

After you enter the interface command, the CLI prompt changes from (config)# to (config-if)#.

Step 5 Link the standard IPv4 ACL to an interface. Use the ip access-group interface configuration command:

    RouterX(config-if)# ip access-group 101 in

Use the show ip interface command to verify that an IP ACL is applied to the interface.

Creating Named Extended IP ACLs

The steps required to configure and apply a named extended IP ACL on a router are as follows:

Step 1 Define an extended named IPv4 ACL. Use the ip access-list extended global configuration command:

    RouterX(config)# ip access-list extended name

Define the list using a unique name. A descriptive name can be helpful when examining the configuration of the router.

Step 2 Enter the following command syntax to establish test parameters:

    RouterX(config-ext-nacl)# [sequence-number] {deny | permit} protocol source source-wildcard destination destination-wildcard [option]

In access list configuration mode, specify the conditions allowed or denied. You can use the keyword any to abbreviate an address of 0.0.0.0 with a wildcard mask of 255.255.255.255 for the source address, destination address, or both. You can use the keyword host to abbreviate a wildcard mask of 0.0.0.0 for the source address or destination address. Place the keyword host in front of the address.

Step 3 Exit from named access list configuration mode:

    RouterX(config-ext-nacl)# exit
    RouterX(config)#

Step 4 Select a desired interface to be configured. Use the interface global configuration command:

    RouterX(config)# interface ethernet 0

After you enter the interface command, the CLI prompt changes from (config)# to (config-if)#.

Step 5 Link the extended IPv4 ACL to an interface. Use the ip access-group interface configuration command:

    RouterX(config-if)# ip access-group 101 in

Use the show ip interface command to verify that an IP ACL is applied to the interface.

You can take advantage of the sequence numbers in a named access list to add specific entries within an existing list. In Example 6-9, a new entry is added to a specified location within the access list.
Example 6-9 Confirming Added Entries to an Existing Access List
Using the number of a standard access list as the name, you can also use this feature to place an entry in a specific location of a numbered access list. In Example 6-10, a new entry is added to a specified access list.

Example 6-10 Placing an Entry in a Numbered List Using the Name Function
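The sequence-number editing described above, as an added example that is not part of the original page or any Cisco software: a small Python model of the named-ACL sub-mode in which "no <sequence-number>" removes a single entry and an explicit sequence number places a new entry anywhere in the list. It walks through the question's own scenario (access-list 1 with five permits, edited through "ip access-list standard 1", the number used as the name). The auto-numbering step of 10 and the entry texts are assumptions made for the demonstration.

```python
# Added example (not from the page or Cisco): a model of how the IOS named-ACL
# sub-mode edits one entry at a time, which is the page's reason for preferring
# named lists over deleting and re-entering an entire numbered list.
# Assumption: entries typed without a sequence number are appended at the
# bottom in steps of 10 (10, 20, 30, ...).

class NamedAcl:
    """Models 'ip access-list standard|extended <name>' configuration mode."""

    def __init__(self, kind, name, step=10):
        self.kind = kind        # "standard" or "extended"
        self.name = name        # alphanumeric name, or a list number used as the name
        self.step = step        # assumed auto-numbering increment
        self.entries = {}       # sequence number -> access control entry text

    def add(self, ace, seq=None):
        """'[sequence-number] {permit | deny} ...' typed inside the sub-mode."""
        if seq is None:
            # No explicit number: append below the current last entry.
            seq = (max(self.entries) // self.step + 1) * self.step if self.entries else self.step
        if seq in self.entries:
            raise ValueError(f"sequence {seq} is already in use")
        self.entries[seq] = ace
        return seq

    def delete(self, seq):
        """'no <sequence-number>' removes exactly one entry and nothing else."""
        if seq not in self.entries:
            raise KeyError(f"no entry with sequence {seq}")
        del self.entries[seq]

    def listing(self):
        """Entries in evaluation order, as a 'show access-lists' listing would print them."""
        return [f"{seq} {ace}" for seq, ace in sorted(self.entries.items())]

    def config(self):
        """The configuration lines that reproduce this list."""
        lines = [f"ip access-list {self.kind} {self.name}"]
        lines += [f" {seq} {ace}" for seq, ace in sorted(self.entries.items())]
        return lines


def edit_numbered_list_by_name():
    """Constructed walk-through of the question's scenario: access-list 1 with five
    permits, edited through 'ip access-list standard 1' (the number used as the name)."""
    acl = NamedAcl("standard", "1")
    for host in ("192.168.1.1", "192.168.1.2", "192.168.1.3", "192.168.1.4", "192.168.1.5"):
        acl.add(f"permit host {host}")          # auto-numbered 10, 20, 30, 40, 50
    acl.delete(30)                              # 'no 30': only the third permit goes away
    acl.add("deny host 192.168.1.99", seq=25)   # explicit number lands it between 20 and 40
    acl.add("permit host 192.168.1.6")          # no number: appended at the bottom as 60
    return acl


if __name__ == "__main__":
    for line in edit_numbered_list_by_name().listing():
        print(line)
```

The point to take from the walk-through is that the other four permits survive the deletion untouched, and that a later insertion with an explicit sequence number changes the evaluation order without re-entering anything.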
Named Extended ACL: Deny a Single Host from a Given Subnet

For the network shown in Figure 6-19, you want to create a list named "troublemaker" to prevent traffic that originates from the host 172.16.4.13 from traveling out Ethernet interface E0.

[Figure 6-19 Named Extended ACL Denying a Single Host: two routers, each with interfaces E0 and E1, connecting networks 172.16.3.0 and 172.16.4.0; host 172.16.4.13 sits on 172.16.4.0]

The configuration in Example 6-11 provides a solution for this example.

Example 6-11 Access List Preventing Traffic from a Specific Host

    RouterX(config)# ip access-list standard troublemaker
    RouterX(config-std-nacl)# deny host 172.16.4.13
    RouterX(config-std-nacl)# permit 172.16.4.0 0.0.0.255
    RouterX(config-std-nacl)# interface e0
    RouterX(config-if)# ip access-group troublemaker out
Named Extended ACL—Deny a Telnet from a Subnet

Using Figure 6-19 again, this time you want to create a list named "badgroup" to prevent Telnet traffic that originates from the subnet 172.16.4.0/24 from traveling out Ethernet interface E0. The configuration in Example 6-12 provides a solution.

Example 6-12 Access List Preventing Telnet Traffic from a Specific Subnet

    RouterX(config)# ip access-list extended badgroup
    RouterX(config-ext-nacl)# deny tcp 172.16.4.0 0.0.0.255 any eq 23
    RouterX(config-ext-nacl)# permit ip any any
    RouterX(config-ext-nacl)# interface e0
    RouterX(config-if)# ip access-group badgroup out

Table 6-11 describes the command syntax that is presented in the figure.
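To check what the two lists in Examples 6-11 and 6-12 actually permit and deny, here is an added Python model of entry-by-entry ACL evaluation with Cisco wildcard masks, first-match semantics and the implicit deny at the end of every list. It is not code from the page or from Cisco. It parses only the entry forms the page shows (any, host, address plus wildcard, and a trailing "eq <port>" on the destination), treats ports as numbers, and uses constructed sample packets; those are the example's assumptions.

```python
# Added example (not from the page or Cisco): a model of how IOS evaluates a
# named standard or extended ACL, used to check the page's "troublemaker" and
# "badgroup" lists. Assumptions: only the entry forms shown on the page are
# parsed (any, host, address/wildcard, trailing 'eq <port>' on the
# destination); ports are numeric; sample packets are constructed here.
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # 'any' == address 0.0.0.0, wildcard 255.255.255.255


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'do not care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def _is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False


def _take_address(tokens):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D [W.W.W.W]' and return (base, wildcard).
    A bare address with no wildcard (allowed in standard lists) means a single host."""
    t = tokens.pop(0)
    if t == "any":
        return ANY
    if t == "host":
        return (tokens.pop(0), "0.0.0.0")
    if tokens and _is_ipv4(tokens[0]):
        return (t, tokens.pop(0))
    return (t, "0.0.0.0")


def parse_ace(kind, line):
    """Parse one entry of a 'standard' or 'extended' named ACL into a dict."""
    tokens = line.split()
    ace = {"action": tokens.pop(0), "dport": None}
    if kind == "standard":
        # Standard lists test the source address only.
        ace["proto"], ace["src"], ace["dst"] = "ip", _take_address(tokens), ANY
    else:
        ace["proto"] = tokens.pop(0)
        ace["src"] = _take_address(tokens)
        ace["dst"] = _take_address(tokens)
        if tokens[:1] == ["eq"]:
            ace["dport"] = int(tokens[1])
    return ace


def ace_matches(ace, pkt):
    if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
        return False
    if not wildcard_match(pkt["src"], *ace["src"]):
        return False
    if not wildcard_match(pkt["dst"], *ace["dst"]):
        return False
    return ace["dport"] is None or pkt.get("dport") == ace["dport"]


def evaluate(kind, entries, pkt):
    """First matching entry decides; anything unmatched hits the implicit deny."""
    for line in entries:
        ace = parse_ace(kind, line)
        if ace_matches(ace, pkt):
            return ace["action"], line
    return "deny", "(implicit deny at end of list)"


# The two lists exactly as entered in Examples 6-11 and 6-12.
TROUBLEMAKER = ["deny host 172.16.4.13", "permit 172.16.4.0 0.0.0.255"]
BADGROUP = ["deny tcp 172.16.4.0 0.0.0.255 any eq 23", "permit ip any any"]


def pkt(proto, src, dst, dport=None):
    """Constructed packet header summary for the demonstration."""
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}


if __name__ == "__main__":
    for p in (pkt("ip", "172.16.4.13", "172.16.3.1"),
              pkt("ip", "172.16.4.20", "172.16.3.1"),
              pkt("ip", "172.16.3.5", "172.16.4.20")):
        print("troublemaker", p["src"], "->", evaluate("standard", TROUBLEMAKER, p))
    for p in (pkt("tcp", "172.16.4.7", "172.16.3.1", 23),
              pkt("tcp", "172.16.4.7", "172.16.3.1", 80),
              pkt("tcp", "172.16.3.1", "172.16.4.7", 23)):
        print("badgroup", p["src"], p["dport"], "->", evaluate("extended", BADGROUP, p))
```

Running the model shows the two things worth verifying before applying either list outbound on E0: the "troublemaker" list denies 172.16.4.13 and permits the rest of 172.16.4.0/24, but its implicit deny also drops traffic from any other source (such as 172.16.3.0) leaving that interface; the "badgroup" list blocks only TCP to port 23 from 172.16.4.0/24 and, because of "permit ip any any", passes everything else, including Telnet from other subnets.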