[j-nsp] ACL Question
Goldschmidt, Bernd
bernd.goldschmidt at siemens.com
Mon Jan 23 13:07:02 EST 2006
Could I get the output of:
sh conf e i a e i g | incl access-l
Maybe we can see what the ACL looks like in the config.
Regards
Bernd.
> -----Original Message-----
> From: surfer at mauigateway.com [mailto:surfer at mauigateway.com]
> Sent: Monday, January 23, 2006 7:03 PM
> To: Goldschmidt, Bernd; surfer at mauigateway.com;
> juniper-nsp at puck.nether.net
> Subject: RE: [j-nsp] ACL Question
>
>
>
> Thanks for the reply. I sent this to another person and
> forwarded it here.
>
> That was pretty much the dumbest friggin' email I've ever
> sent to a mailing list. I know way better than that.
> Long-term periods of high stress kill more brain cells than
> beer. 8-)
>
> Also, it's an E-series, not a cisco, but the same thing
> applies. However, I'm still disturbed about not being able
> to remove the bad entry:
>
> # no access-l Allowed-Routes permit ip 0.0.0.0 255.255.255.0 any
> % specified access list does not exist
>
> I've tried all manner of possibilities to remove the
> particular entry without removing the ACL. The only answer
> so far is to create another ACL without the entry and use
> that.
>
> scott
>
> ----- Original Message Follows -----
> From: "Goldschmidt, Bernd" <bernd.goldschmidt at siemens.com>
> To: <surfer at mauigateway.com>, <juniper-nsp at puck.nether.net>
> Subject: RE: [j-nsp] ACL Question
> Date: Fri, 20 Jan 2006 18:38:41 +0100
>
> > Hi Scott,
> >
> > please remember this old cisco wildcard stuff:
> > ----------------------------------------------
> > lydia(config)#access-l Allowed-Routes permit ip 64.128.254.0 ?
> >   A.B.C.D    The wild-card mask to apply to the source address
> >
> > lydia(config)#access-l Allowed-Routes permit ip 64.128.254.0 0.0.0.255 any
> > lydia(config)#exit
> > lydia#sh access-list Allowed-Routes
> > IP Access List Allowed-Routes:
> > permit ip 64.128.254.0 0.0.0.255 any
> > deny ip any any
> > lydia#
> >
> > Delete the wrong access-list with the same syntax as you
> > entered the ACL and set a "no" in front of it:
> > ----------------------------------------------------------
> > ---------------------------------------------
> > lydia(config)#access-l Allowed-Routes2 permit ip 64.128.254.0 255.255.255.0 any
> > lydia(config)#^Z
> > lydia#sh access-list Allowed-Routes2
> > IP Access List Allowed-Routes2:
> > permit ip 0.0.0.0 255.255.255.0 any
> > deny ip any any
> > lydia#conf t
> > Enter configuration commands, one per line. End with ^Z.
> > lydia(config)#no access-l Allowed-Routes2 permit ip 64.128.254.0 255.255.255.0 any
> > lydia(config)#exit
> > lydia#sh access-list Allowed-Routes2
> > lydia#
> >
> >
> > HTH
> >
> >
> > Regards
> > Bernd.
> >
> >
> >
> > > -----Original Message-----
> > > From: juniper-nsp-bounces at puck.nether.net
> > > > [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Scott Weeks
> > > > Sent: Thursday, January 19, 2006 12:53 AM
> > > To: juniper-nsp at puck.nether.net
> > > Subject: [j-nsp] ACL Question
> > >
> > >
> > >
> > > Hello Everyone,
> > >
> > > How come when I do this:
> > >
> > > > # access-l Allowed-Routes permit ip 64.128.xxx.0 255.255.255.0 any
> > >
> > > I get this?
> > >
> > > #sho access-l Allowed-Routes
> > > IP Access List Allowed-Routes:
> > > permit ip 0.0.0.0 255.255.255.0 any
> > > deny ip any any
> > >
> > > And then I can't remove the offending line?
> > >
> > > > # access-l Allowed-Routes permit ip 0.0.0.0 255.255.255.0 any
> > > % specified access list does not exist
> > >
> > >
> > > Those blocks exist:
> > >
> > > > Time Warner Telecom TWTC-NETBLK-11 (NET-64-128-0-0-1) 64.128.0.0 - 64.129.63.255
> > > > REGAL TRAVEL TWTC-NETBLK-11 (NET-64-128-1-0-1) 64.128.1.0 - 64.128.1.127
> > > (The IP block I picked has nothing to do with anything,
> > > except that I replaced xxx with the number 1)
> > >
> > >
> > > Thanks,
> > > scott
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > http://puck.nether.net/mailman/listinfo/juniper-nsp
> > >
>
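Added example, not part of any message in the thread: a small audit that flags ACL entries whose wildcard was typed as a subnet mask, shows the entry as the device stores it, and checks which addresses the stored entry actually matches. It assumes the behaviour visible in the thread's `sh access-list` output (address bits covered by the wildcard are zeroed); the function names and the sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config; both entries are the ones typed in the thread.
SAMPLE = """\
access-list Allowed-Routes permit ip 64.128.254.0 0.0.0.255 any
access-list Allowed-Routes2 permit ip 64.128.254.0 255.255.255.0 any
"""
ACL_RE = re.compile(r"access-l\S*\s+(\S+)\s+(?:permit|deny)\s+ip\s+"
                    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)")
FULL = 0xFFFFFFFF

def _int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def normalize(addr, wildcard):
    """Address as stored: bits set in the wildcard are "don't care" and get zeroed."""
    return str(ipaddress.IPv4Address(_int(addr) & ~_int(wildcard) & FULL))

def matches(ip, addr, wildcard):
    """True if ip matches the entry: compare only the bits the wildcard leaves significant."""
    care = ~_int(wildcard) & FULL
    return (_int(ip) & care) == (_int(addr) & care)

def looks_like_netmask(wildcard):
    """True for contiguous leading ones (255.255.255.0 style), i.e. a subnet mask."""
    w = _int(wildcard)
    inv = ~w & FULL
    return w not in (0, FULL) and (inv & (inv + 1)) == 0

def audit(config_text):
    """Return one finding per ACL entry whose wildcard looks like a subnet mask."""
    findings = []
    for line in config_text.splitlines():
        m = ACL_RE.search(line)
        if m and looks_like_netmask(m.group(3)):
            name, addr, wc = m.groups()
            findings.append({
                "acl": name,
                "stored": f"{normalize(addr, wc)} {wc}",
                "suggested_wildcard": str(ipaddress.IPv4Address(~_int(wc) & FULL)),
            })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
    print(matches("10.1.2.0", "64.128.254.0", "255.255.255.0"))
```

The mistyped entry permits every address whose last octet is 0, regardless of network, and no longer matches hosts inside 64.128.254.0/24.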