05-19-2017 11:49 AM
i have an acl that i need to change. I talked with support and the person i was talking with was stumbling through the cli and look at webui, mumling and i just didnt think they had a handle on what i was trying to get accomplished so i thought i would just do some research and figure it out.
the issue is the session acl opens up a whole series of ports across all subnets on the LAN for access from the guest network (for airplay). The atv's are in their own vlans so i want to limit access to those specific subnets. I believe the command for the new acl would look something like this, i would add an entry for each of hte required subnets. (the subnet listed is an example):
#ip access-list session <acl name>
#any network 10.0.0.0 255.255.255.0 any permit
Let me know if that is incorrect.
Now down to the main question. I was told i cant edit an existing acl, i have to delete it then recreate it. I cant find command to delete the acl. I will also need the command to re-add the acl to the roles as it will be removed from them when its deleted, if my understanding is correct.
Solved! Go to Solution.
05-20-2017 01:50 AM
Yes, it is that simple. See below for an example, don't forget you'll need to be in "conf t" to make the change.
(Lab620) (config) #no ip access-list session test2 (Lab620) (config) #
This is based on a "session" ACL, so you may need to adjust the syntax accordingly if the ACL is a eth, extended, mac etc.
(Lab620) (config) #no ip access-list ? eth Ethertype access list extended Extended Access List mac MAC access list route Route Access List session Session Access List standard Standard Access List
If my post addresses your query, give kudos:)