Tuesday, April 30, 2013

Remove one single line from a Cisco IOS ACL

For this example we will use extended ACL 100. This is the ACL:

gw-001#show run | inc access-list 100
access-list 100 remark NAT
access-list 100 deny   ip 10.62.17.0 0.0.0.255 172.31.0.0 0.0.255.255 log
access-list 100 permit ip 10.62.0.0 0.0.255.255 any log
access-list 100 permit ip any any log


We want to remove the line access-list 100 permit ip 10.62.0.0 0.0.255.255 any log. Do not type no access-list 100 permit ip 10.62.0.0 0.0.255.255 any log: on IOS, no access-list 100 followed by anything deletes the entire numbered ACL, not just that one line. Instead, look up the sequence number of the entry with show ip access-lists:

gw-001#show ip access-lists 100
Extended IP access list 100
    10 deny ip 10.62.17.0 0.0.0.255 172.31.0.0 0.0.255.255 log (2 matches)
    20 permit ip 10.62.0.0 0.0.255.255 any log (70 matches)
    30 permit ip any any log (29 matches)

We want to delete entry 20. Enter ACL configuration mode for the list (ip access-list extended works for a numbered ACL as well) and remove the entry by its sequence number:

gw-001#config t
Enter configuration commands, one per line.  End with CNTL/Z.
gw-001(config)#ip access-list extended 100
gw-001(config-ext-nacl)#no 20
gw-001(config-ext-nacl)#end

gw-001#
gw-001#show ip access-lists 100
Extended IP access list 100
    10 deny ip 10.62.17.0 0.0.0.255 172.31.0.0 0.0.255.255 log (2 matches)
    30 permit ip any any log (29 matches)


The remaining entries keep their sequence numbers (10 and 30), so a later no <seq> still refers to the same line; if you want them renumbered, use ip access-list resequence 100 10 10. Done!
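As an added example (not part of the original post), the following Python script automates the two checks this procedure relies on: it parses show ip access-lists output, finds the sequence number of the entry you want gone, emits the exact ip access-list / no <seq> lines (never the whole-ACL no access-list 100 form), and compares a second listing taken after the change to confirm that only that one entry disappeared. The two listings are the ones from this post, embedded here as constructed strings; the function names are my own.

```python
import re

# Constructed sample input: the "show ip access-lists 100" listing from this post,
# before and after removing entry 20, embedded so the script runs offline.
SHOW_ACL_BEFORE = """\
Extended IP access list 100
    10 deny ip 10.62.17.0 0.0.0.255 172.31.0.0 0.0.255.255 log (2 matches)
    20 permit ip 10.62.0.0 0.0.255.255 any log (70 matches)
    30 permit ip any any log (29 matches)
"""

SHOW_ACL_AFTER = """\
Extended IP access list 100
    10 deny ip 10.62.17.0 0.0.0.255 172.31.0.0 0.0.255.255 log (2 matches)
    30 permit ip any any log (29 matches)
"""

# "Extended IP access list 100" / "Standard IP access list 1"
HEADER_RE = re.compile(r"^(?P<kind>Standard|Extended) IP access list (?P<name>\S+)\s*$")
# "    20 permit ip 10.62.0.0 0.0.255.255 any log (70 matches)"; the hit counter is optional
ACE_RE = re.compile(r"^\s+(?P<seq>\d+)\s+(?P<ace>.+?)(?:\s+\(\d+ match(?:es)?\))?\s*$")


def parse_show_access_lists(text):
    """Map ACL name -> {"kind": "extended"|"standard", "entries": [(seq, ace), ...]}."""
    acls, current = {}, None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = {"kind": m.group("kind").lower(), "entries": []}
            acls[m.group("name")] = current
            continue
        m = ACE_RE.match(line)
        if m and current is not None:
            current["entries"].append((int(m.group("seq")), m.group("ace")))
    return acls


def normalize(ace):
    """Collapse the padding IOS prints in 'show run' (e.g. 'deny   ip') to single spaces."""
    return " ".join(ace.split())


def find_sequence(acls, acl_name, ace_text):
    """Sequence numbers whose entry equals ace_text. Accepts either the bare entry
    ('permit ip ... any log') or the 'show run' form ('access-list 100 permit ip ...')."""
    target = normalize(ace_text)
    prefix = f"access-list {acl_name} "
    if target.startswith(prefix):
        target = target[len(prefix):]
    return [seq for seq, ace in acls[acl_name]["entries"] if normalize(ace) == target]


def removal_commands(acls, acl_name, ace_text):
    """Config lines that delete exactly one entry by sequence number.
    Never emits 'no access-list <n> ...', which would wipe the whole numbered ACL;
    refuses unless the entry matches exactly one line."""
    seqs = find_sequence(acls, acl_name, ace_text)
    if len(seqs) != 1:
        raise ValueError(f"expected one match for {ace_text!r} in ACL {acl_name}, found {seqs}")
    return [f"ip access-list {acls[acl_name]['kind']} {acl_name}", f"no {seqs[0]}", "exit"]


def verify_removal(before, after, acl_name, seq):
    """Post-change check: the new listing must be the old one minus exactly <seq>,
    with every other entry and its sequence number untouched (hit counters ignored)."""
    expected = [(s, normalize(a)) for s, a in before[acl_name]["entries"] if s != seq]
    actual = [(s, normalize(a)) for s, a in after[acl_name]["entries"]]
    return expected == actual


if __name__ == "__main__":
    before = parse_show_access_lists(SHOW_ACL_BEFORE)
    cmds = removal_commands(before, "100", "access-list 100 permit ip 10.62.0.0 0.0.255.255 any log")
    print("\n".join(cmds))
    after = parse_show_access_lists(SHOW_ACL_AFTER)
    print("removal verified:", verify_removal(before, after, "100", 20))
```

In practice you would paste the real show ip access-lists output into SHOW_ACL_BEFORE, push the three emitted lines, then paste the new listing into SHOW_ACL_AFTER; verify_removal returning False means something other than the intended entry changed and the change should be reviewed before it is saved.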
