[j-nsp] ACL Question

Scott Weeks surfer at mauigateway.com
Mon Jan 23 13:02:40 EST 2006



Thanks for the reply.  I sent this to another person and
forwarded it here.

That was pretty much the dumbest friggin' email I've ever
sent to a mailing list.  I know way better than that. 
Long-term periods of high stress kill more brain cells than
beer.  8-)

Also, it's an E-series, not a Cisco, but the same thing
applies.  However, I'm still disturbed about not being able
to remove the bad entry:

# no access-l Allowed-Routes permit ip 0.0.0.0 255.255.255.0 any
      % specified access list does not exist

I've tried all manner of possibilities to remove the
particular entry without removing the ACL.  The only answer
so far is to create another ACL without the entry and use
that.

scott

----- Original Message Follows -----
From: "Goldschmidt, Bernd" <bernd.goldschmidt at siemens.com>
To: <surfer at mauigateway.com>, <juniper-nsp at puck.nether.net>
Subject: RE: [j-nsp] ACL Question
Date: Fri, 20 Jan 2006 18:38:41 +0100

> Hi Scott,
> 
> please remember this old Cisco wildcard stuff:
> ----------------------------------------------
> lydia(config)#access-l Allowed-Routes permit ip 64.128.254.0 ?
>   A.B.C.D  The wild-card mask to apply to the source address
> 
> lydia(config)#access-l Allowed-Routes permit ip 64.128.254.0 0.0.0.255 any
> lydia(config)#exit
> lydia#sh access-list Allowed-Routes
> IP Access List Allowed-Routes:
>      permit ip 64.128.254.0 0.0.0.255 any
>      deny ip any any
> lydia#
> 
> Delete the wrong access-list with the same syntax as you
> entered the ACL and set a "no" in front of it:
> ----------------------------------------------------------
> lydia(config)#access-l Allowed-Routes2 permit ip 64.128.254.0 255.255.255.0 any
> lydia(config)#^Z
> lydia#sh access-list Allowed-Routes2
> IP Access List Allowed-Routes2:
>      permit ip 0.0.0.0 255.255.255.0 any
>      deny ip any any
> lydia#conf t
> Enter configuration commands, one per line.  End with ^Z.
> lydia(config)#no access-l Allowed-Routes2 permit ip 64.128.254.0 255.255.255.0 any
> lydia(config)#exit
> lydia#sh access-list Allowed-Routes2
> lydia#
> 
> 
> HTH
> 
> 
> Regards
> Bernd.
> 
>  
> 
> > -----Original Message-----
> > From: juniper-nsp-bounces at puck.nether.net
> > [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Scott Weeks
> > Sent: Thursday, January 19, 2006 12:53 AM
> > To: juniper-nsp at puck.nether.net
> > Subject: [j-nsp] ACL Question
> > 
> > 
> > 
> > Hello Everyone,
> > 
> > How come when I do this:
> > 
> >    # access-l Allowed-Routes permit ip 64.128.xxx.0 255.255.255.0 any
> > 
> > I get this?
> > 
> >    #sho access-l Allowed-Routes
> >    IP Access List Allowed-Routes:
> >         permit ip 0.0.0.0 255.255.255.0 any
> >         deny ip any any
> > 
> > And then I can't remove the offending line?
> > 
> >    # access-l Allowed-Routes permit ip 0.0.0.0 255.255.255.0 any
> >      % specified access list does not exist
> > 
> > 
> > Those blocks exist:
> > 
> >    Time Warner Telecom TWTC-NETBLK-11 (NET-64-128-0-0-1)
> >                                   64.128.0.0 - 64.129.63.255
> >    REGAL TRAVEL TWTC-NETBLK-11 (NET-64-128-1-0-1)
> >                                   64.128.1.0 - 64.128.1.127
> > (The IP block I picked has nothing to do with anything,
> > except that I replaced xxx with the number 1)
> > 
> > 
> > Thanks,
> > scott
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
> >  
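
Added example, not part of the original thread and not vendor code: a small Python model of the wildcard-mask behaviour shown in the session output above, reproducing why 64.128.254.0 entered with 255.255.255.0 is displayed as 0.0.0.0 255.255.255.0, and flagging a wildcard that has the shape of a subnet mask. The function names are hypothetical, and the masking rule is assumed from the quoted `sh access-list` output.

```python
import ipaddress

FULL = 0xFFFFFFFF

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def _to_str(value):
    return str(ipaddress.IPv4Address(value))

def normalize(address, wildcard):
    """Model the stored entry: bits set in the wildcard are don't-care and shown as 0."""
    care = ~_to_int(wildcard) & FULL
    return _to_str(_to_int(address) & care), wildcard

def matches(address, wildcard, candidate):
    """True if candidate equals address on every bit the wildcard does NOT mask out."""
    care = ~_to_int(wildcard) & FULL
    return (_to_int(candidate) & care) == (_to_int(address) & care)

def looks_like_netmask(wildcard):
    """Flag a wildcard written as leading ones then zeros (subnet-mask shape)."""
    w = _to_int(wildcard)
    if w in (0, FULL):
        return False  # all-zeros (host) and all-ones (any) are ambiguous, not flagged
    inverted = ~w & FULL
    return (inverted & (inverted + 1)) == 0  # inverted is a run of trailing ones

def lint(address, wildcard):
    """Return (stored_entry, warning_or_None) for one permit/deny source pair."""
    stored = normalize(address, wildcard)
    if looks_like_netmask(wildcard):
        fixed = _to_str(~_to_int(wildcard) & FULL)
        return stored, f"wildcard {wildcard} looks like a subnet mask; did you mean {fixed}?"
    return stored, None

if __name__ == "__main__":
    # The two entries from the thread; candidate addresses below are constructed samples.
    for addr, wc in [("64.128.254.0", "255.255.255.0"), ("64.128.254.0", "0.0.0.255")]:
        stored, warning = lint(addr, wc)
        print(f"entered {addr} {wc} -> stored {stored[0]} {stored[1]}")
        if warning:
            print("  WARNING:", warning)
        for cand in ("64.128.254.77", "10.1.2.0"):
            print(f"  {cand}: {'permit' if matches(addr, wc, cand) else 'no match'}")
```

With the subnet-mask form the entry matches any source whose last octet is 0 and misses the rest of 64.128.254.0/24, which is why the check is worth running before an ACL is applied.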


