[j-nsp] ACL Question

Goldschmidt, Bernd bernd.goldschmidt at siemens.com
Fri Jan 20 12:38:41 EST 2006


Hi Scott,

please remember this old cisco wildcard stuff:
----------------------------------------------
lydia(config)#access-l Allowed-Routes permit ip 64.128.254.0 ?
  A.B.C.D  The wild-card mask to apply to the source address

lydia(config)#access-l Allowed-Routes permit ip 64.128.254.0 0.0.0.255 any
lydia(config)#exit
lydia#sh access-list Allowed-Routes
IP Access List Allowed-Routes:
     permit ip 64.128.254.0 0.0.0.255 any
     deny ip any any
lydia#

Delete the wrong access-list with the same syntax as you entered the ACL and set a "no" in front of it:
-------------------------------------------------------------------------------------------------------
lydia(config)#access-l Allowed-Routes2 permit ip 64.128.254.0 255.255.255.0 any
lydia(config)#^Z
lydia#sh access-list Allowed-Routes2
IP Access List Allowed-Routes2:
     permit ip 0.0.0.0 255.255.255.0 any
     deny ip any any
lydia#conf t
Enter configuration commands, one per line.  End with ^Z.
lydia(config)#no access-l Allowed-Routes2 permit ip 64.128.254.0 255.255.255.0 any
lydia(config)#exit
lydia#sh access-list Allowed-Routes2
lydia#


HTH


Gruß
Bernd.

 

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Scott Weeks
> Sent: Thursday, January 19, 2006 12:53 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] ACL Question
> 
> 
> 
> Hello Everyone,
> 
> How come when I do this:
> 
>    # access-l Allowed-Routes permit ip 64.128.xxx.0
> 255.255.255.0 any
> 
> I get this?
> 
>    #sho access-l Allowed-Routes
>    IP Access List Allowed-Routes:
>         permit ip 0.0.0.0 255.255.255.0 any
>         deny ip any any
> 
> And then I can't remove the offending line?
> 
>    # access-l Allowed-Routes permit ip 0.0.0.0 255.255.255.0
> any
>      % specified access list does not exist
> 
> 
> Those blocks exist:
> 
>    Time Warner Telecom TWTC-NETBLK-11 (NET-64-128-0-0-1) 
>                                   64.128.0.0 - 64.129.63.255
>    REGAL TRAVEL TWTC-NETBLK-11 (NET-64-128-1-0-1) 
>                                   64.128.1.0 - 64.128.1.127
> 
> (The IP block I picked has nothing to do with anything,
> except that I replaced xxx with the number 1)
> 
> 
> Thanks,
> scott
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
> 



More information about the juniper-nsp mailing list