05-19-2017 11:49 AM
I have an ACL that I need to change. I talked with support, and the person I was talking with was stumbling through the CLI and looking at the web UI, mumbling, and I just didn't think they had a handle on what I was trying to get accomplished, so I thought I would just do some research and figure it out.
The issue is the session ACL opens up a whole series of ports across all subnets on the LAN for access from the guest network (for AirPlay). The ATVs are in their own VLANs, so I want to limit access to those specific subnets. I believe the command for the new ACL would look something like this; I would add an entry for each of the required subnets (the subnet listed is an example):
#ip access-list session <acl name>
#any network 10.0.0.0 255.255.255.0 any permit
Let me know if that is incorrect.
Now down to the main question. I was told I can't edit an existing ACL; I have to delete it and then recreate it. I can't find the command to delete the ACL. I will also need the command to re-add the ACL to the roles, as it will be removed from them when it's deleted, if my understanding is correct.
Re: editing acls
05-20-2017 01:50 AM
Yes, it is that simple. See below for an example, don't forget you'll need to be in "conf t" to make the change.
(Lab620) (config) #no ip access-list session test2
(Lab620) (config) #
This is based on a "session" ACL, so you may need to adjust the syntax accordingly if the ACL is an eth, extended, mac, etc.
(Lab620) (config) #no ip access-list ?
eth                     Ethertype access list
extended                Extended Access List
mac                     MAC access list
route                   Route Access List
session                 Session Access List
standard                Standard Access List
ACMP, ACSA, ACDX #985
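Added example, not part of the thread: a small Python generator that turns a list of Apple TV subnets into the delete/recreate sequence discussed above, with one entry per subnet in the form the question uses. The ACL name, role name, subnets and the /16 breadth limit are constructed, and the "user-role" / "access-list session" lines used to detach and re-attach the ACL are an assumption about the role syntax on the controller, since the thread does not show them.

```python
import ipaddress

def build_acl_commands(acl_name, subnets, roles, min_prefix=16):
    """Return the "conf t" lines that replace a session ACL.

    subnets: CIDR strings for the Apple TV VLANs.
    roles:   user-role names that reference the ACL (hypothetical names).
    """
    entries = []
    for cidr in subnets:
        # strict=True rejects host bits (e.g. 10.0.0.5/24), a common typo.
        net = ipaddress.IPv4Network(cidr, strict=True)
        # Constructed policy check: refuse anything broad enough to
        # recreate the "all subnets" exposure the question describes.
        if net.prefixlen < min_prefix:
            raise ValueError(f"{cidr} is broader than /{min_prefix}")
        # Same form as the entry in the question:
        #   any network <address> <netmask> any permit
        entries.append(
            f"any network {net.network_address} {net.netmask} any permit")

    lines = []
    # Detach explicitly first, so the result does not depend on what the
    # controller does with role references when the ACL is deleted.
    # Assumption: roles reference the ACL with "access-list session <name>".
    for role in roles:
        lines += [f"user-role {role}",
                  f"no access-list session {acl_name}", "exit"]
    lines.append(f"no ip access-list session {acl_name}")  # from the answer
    lines.append(f"ip access-list session {acl_name}")
    lines += entries
    lines.append("exit")
    for role in roles:
        lines += [f"user-role {role}",
                  f"access-list session {acl_name}", "exit"]
    return lines

if __name__ == "__main__":
    # Constructed sample input.
    for line in build_acl_commands(
            "airplay-guest", ["10.0.10.0/24", "10.0.20.0/25"], ["guest"]):
        print(line)
```

Review the generated lines before pasting them, and check where the re-added ACL sits in each role afterwards, since its position relative to the role's other ACLs affects which rule matches first.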