[j-nsp] ACL Question
Goldschmidt, Bernd
bernd.goldschmidt at siemens.com
Mon Jan 23 17:00:18 EST 2006
Scott,
if you got the output below after the sh conf ...
and if you get the error message "% specified access list does not exist"
when you try to delete the entry with a "no " and then copy and paste the
line from the sh conf output, then I see only two options.
1. As you mentioned, genereate a new access-list and try to delete
the buggy list with a "no access-list allowed-routes [enter]"
2. If this doesn't solve your problem, then I think you have a faulty
binary config and you need to re-setup the box via factory-defaults.
What software version you are running?
Gruß
Bernd.
> -----Original Message-----
> From: surfer at mauigateway.com [mailto:surfer at mauigateway.com]
> Sent: Monday, January 23, 2006 8:12 PM
> To: Goldschmidt, Bernd
> Subject: RE: [j-nsp] ACL Question
>
>
>
> Hello Bernd,
>
> Here is the entry:
> access-list "allowed-routes" permit ip 0.0.0.0 255.255.255.0
> any
>
> Other entries are like this:
> access-list "allowed-routes" permit ip 64.128.xxx.0
> 0.0.0.255 any
>
> scott
>
> ----- Original Message Follows -----
> From: "Goldschmidt, Bernd" <bernd.goldschmidt at siemens.com>
> To: <surfer at mauigateway.com>, <juniper-nsp at puck.nether.net>
> Subject: RE: [j-nsp] ACL Question
> Date: Mon, 23 Jan 2006 19:07:02 +0100
>
> > could I get the output of:
> > sh conf e i a e i g | incl access-l
> > maybe we can see how the ACL looks like in the config.
> >
> >
> > Gruß
> > Bernd.
> >
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: surfer at mauigateway.com
> > > [mailto:surfer at mauigateway.com] Sent: Monday, January
> > > 23, 2006 7:03 PM To: Goldschmidt, Bernd;
> > > surfer at mauigateway.com; juniper-nsp at puck.nether.net
> > > Subject: RE: [j-nsp] ACL Question
> > >
> > >
> > >
> > > Thanks for the reply. I sent this to another person and
> > > forwarded it here.
> > >
> > > That was pretty much the dumbest friggin' email I've
> > > ever sent to a mailing list. I know way better than
> > > that. Long-term periods of high stress kills more brain
> > > cells than beer. 8-)
> > >
> > > Also, it's an E-series, not a cisco, but the same thing
> > > applies. However, I'm still disturbed about not being
> > > able to remove the bad entry:
> > >
> > > # no access-l Allowed-Routes permit ip 0.0.0.0
> > > 255.255.255.0 any
> > > % specified access list does not exist
> > >
> > > I've tried all manner of possibilities to remove the
> > > particular entry without removing the ACL. The only
> > > answer so far is to create another ACL without the entry
> > > and use that.
> > >
> > > scott
> > >
> > > ----- Original Message Follows -----
> > > From: "Goldschmidt, Bernd"
> > > <bernd.goldschmidt at siemens.com> To:
> > > <surfer at mauigateway.com>, <juniper-nsp at puck.nether.net>
> > > Subject: RE: [j-nsp] ACL Question Date: Fri, 20 Jan 2006
> > > 18:38:41 +0100
> > > > Hi Scott,
> > > >
> > > > please remember this old cisco wildcard stuff:
> > > > ----------------------------------------------
> > > > lydia(config)#access-l Allowed-Routes permit ip
> > > > 64.128.254.0 ?
> > > > A.B.C.D The wild-card mask to apply to the source
> > > > address
> > > >
> > > > lydia(config)#access-l Allowed-Routes permit ip
> > > > 64.128.254.0 0.0.0.255 any lydia(config)#exit
> > > > lydia#sh access-list Allowed-Routes
> > > > IP Access List Allowed-Routes:
> > > > permit ip 64.128.254.0 0.0.0.255 any
> > > > deny ip any any
> > > > lydia#
> > > >
> > > > Delete the wrong access-list with the same syntax as
> > > > you entered the ACL and set a "no" in front of it:
> > > >
> > > >
> > ----------------------------------------------------------
> > > > ---------------------------------------------
> > > > lydia(config)#access-l Allowed-Routes2 permit ip
> > > > 64.128.254.0 255.255.255.0 any lydia(config)#^Z
> > > > lydia#sh access-list Allowed-Routes2 IP Access List
> > > > Allowed-Routes2: permit ip 0.0.0.0 255.255.255.0
> > > > any deny ip any any
> > > > lydia#conf t
> > > > Enter configuration commands, one per line. End with
> > > > ^Z. lydia(config)#no access-l Allowed-Routes2 permit
> > > > ip 64.128.254.0 255.255.255.0 any lydia(config)#exit
> > > > lydia#sh access-list Allowed-Routes2
> > > > lydia#
> > > >
> > > >
> > > > HTH
> > > >
> > > >
> > > > Gruß
> > > > Bernd.
> > > >
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: juniper-nsp-bounces at puck.nether.net
> > > > > [mailto:juniper-nsp-bounces at puck.nether.net] On
> > > > > Behalf Of Scott Weeks Sent: Thursday, January 19,
> > > > > 2006 12:53 AM To: juniper-nsp at puck.nether.net
> > > > > Subject: [j-nsp] ACL Question
> > > > >
> > > > >
> > > > >
> > > > > Hello Everyone,
> > > > >
> > > > > How come when I do this:
> > > > >
> > > > > # access-l Allowed-Routes permit ip 64.128.xxx.0
> > > > > 255.255.255.0 any
> > > > >
> > > > > I get this?
> > > > >
> > > > > #sho access-l Allowed-Routes
> > > > > IP Access List Allowed-Routes:
> > > > > permit ip 0.0.0.0 255.255.255.0 any
> > > > > deny ip any any
> > > > >
> > > > > And then I can't remove the offending line?
> > > > >
> > > > > # access-l Allowed-Routes permit ip 0.0.0.0
> > > > > 255.255.255.0 any
> > > > > % specified access list does not exist
> > > > >
> > > > >
> > > > > Those blocks exist:
> > > > >
> > > > > Time Warner Telecom TWTC-NETBLK-11
> > > > > (NET-64-128-0-0-1)
> > > > > 64.128.0.0 - 64.129.63.255 REGAL TRAVEL
> > > > > TWTC-NETBLK-11
> > > > > (NET-64-128-1-0-1) 64.128.1.0 - 64.128.1.127
> > > > > (The IP block I picked has nothing to do with
> > > > > anything, except that I replaced xxx with the number
> > > > > 1)
> > > > >
> > > > > Thanks,
> > > > > scott
> > > > > _______________________________________________
> > > > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > > > http://puck.nether.net/mailman/listinfo/juniper-nsp
> > > > >
> > >
>
More information about the juniper-nsp
mailing list