[j-nsp] ACL Question

Goldschmidt, Bernd bernd.goldschmidt at siemens.com
Mon Jan 23 17:00:18 EST 2006


Scott,

if you got the output below after the sh conf ...
and if you get the error message "% specified access list does not exist" 
when you try to delete the entry with a "no " and then copy and paste the 
line from the sh conf output, then I see only two options.

1. As you mentioned, generate a new access-list and try to delete 
the buggy list with a "no access-list allowed-routes [enter]"

2. If this doesn't solve your problem, then I think you have a faulty 
binary config and you need to re-setup the box via factory-defaults.

What software version are you running?
 

Gruß
Bernd.

 

> -----Original Message-----
> From: surfer at mauigateway.com [mailto:surfer at mauigateway.com] 
> Sent: Monday, January 23, 2006 8:12 PM
> To: Goldschmidt, Bernd
> Subject: RE: [j-nsp] ACL Question
> 
> 
> 
> Hello Bernd,
> 
> Here is the entry:
> access-list "allowed-routes" permit ip 0.0.0.0 255.255.255.0 any
> 
> Other entries are like this:
> access-list "allowed-routes" permit ip 64.128.xxx.0 0.0.0.255 any
> 
> scott
> 
> ----- Original Message Follows -----
> From: "Goldschmidt, Bernd" <bernd.goldschmidt at siemens.com>
> To: <surfer at mauigateway.com>, <juniper-nsp at puck.nether.net>
> Subject: RE: [j-nsp] ACL Question
> Date: Mon, 23 Jan 2006 19:07:02 +0100
> 
> > could I get the output of:
> > sh conf e i a e i g | incl access-l
> > maybe we can see what the ACL looks like in the config.
> > 
> > 
> > Gruß
> > Bernd.
> > 
> > 
> > 
> >  
> > 
> > > -----Original Message-----
> > > From: surfer at mauigateway.com [mailto:surfer at mauigateway.com]
> > > Sent: Monday, January 23, 2006 7:03 PM
> > > To: Goldschmidt, Bernd; surfer at mauigateway.com; juniper-nsp at puck.nether.net
> > > Subject: RE: [j-nsp] ACL Question
> > > 
> > > 
> > > 
> > > Thanks for the reply.  I sent this to another person and
> > > forwarded it here.
> > > 
> > > That was pretty much the dumbest friggin' email I've
> > > ever sent to a mailing list.  I know way better than
> > > that.  Long-term periods of high stress kill more brain
> > > cells than beer.  8-)
> > > 
> > > Also, it's an E-series, not a cisco, but the same thing
> > > applies.  However, I'm still disturbed about not being
> > > able to remove the bad entry:
> > > 
> > > # no access-l Allowed-Routes permit ip 0.0.0.0 255.255.255.0 any
> > >       % specified access list does not exist
> > > 
> > > I've tried all manner of possibilities to remove the
> > > particular entry without removing the ACL.  The only
> > > answer so far is to create another ACL without the entry
> > > and use that.
> > > 
> > > scott
> > > 
> > > ----- Original Message Follows -----
> > > From: "Goldschmidt, Bernd" <bernd.goldschmidt at siemens.com>
> > > To: <surfer at mauigateway.com>, <juniper-nsp at puck.nether.net>
> > > Subject: RE: [j-nsp] ACL Question
> > > Date: Fri, 20 Jan 2006 18:38:41 +0100
> > > 
> > > > Hi Scott,
> > > > 
> > > > please remember this old cisco wildcard stuff:
> > > > ----------------------------------------------
> > > > lydia(config)#access-l Allowed-Routes permit ip 64.128.254.0 ?
> > > >   A.B.C.D  The wild-card mask to apply to the source address
> > > > 
> > > > lydia(config)#access-l Allowed-Routes permit ip 64.128.254.0 0.0.0.255 any
> > > > lydia(config)#exit
> > > > lydia#sh access-list Allowed-Routes
> > > > IP Access List Allowed-Routes:
> > > >      permit ip 64.128.254.0 0.0.0.255 any
> > > >      deny ip any any
> > > > lydia#
> > > > 
> > > > Delete the wrong access-list with the same syntax as
> > > > you entered the ACL and set a "no" in front of it:
> > > > 
> > > > ----------------------------------------------
> > > > lydia(config)#access-l Allowed-Routes2 permit ip 64.128.254.0 255.255.255.0 any
> > > > lydia(config)#^Z
> > > > lydia#sh access-list Allowed-Routes2
> > > > IP Access List Allowed-Routes2:
> > > >      permit ip 0.0.0.0 255.255.255.0 any
> > > >      deny ip any any
> > > > lydia#conf t
> > > > Enter configuration commands, one per line.  End with ^Z.
> > > > lydia(config)#no access-l Allowed-Routes2 permit ip 64.128.254.0 255.255.255.0 any
> > > > lydia(config)#exit
> > > > lydia#sh access-list Allowed-Routes2
> > > > lydia#
> > > > 
> > > > 
> > > > HTH
> > > > 
> > > > 
> > > > Gruß
> > > > Bernd.
> > > > 
> > > >  
> > > > 
> > > > > -----Original Message-----
> > > > > From: juniper-nsp-bounces at puck.nether.net 
> > > > > [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Scott Weeks
> > > > > Sent: Thursday, January 19, 2006 12:53 AM
> > > > > To: juniper-nsp at puck.nether.net
> > > > > Subject: [j-nsp] ACL Question
> > > > > 
> > > > > 
> > > > > 
> > > > > Hello Everyone,
> > > > > 
> > > > > How come when I do this:
> > > > > 
> > > > >    # access-l Allowed-Routes permit ip 64.128.xxx.0 255.255.255.0 any
> > > > > 
> > > > > I get this?
> > > > > 
> > > > >    #sho access-l Allowed-Routes
> > > > >    IP Access List Allowed-Routes:
> > > > >         permit ip 0.0.0.0 255.255.255.0 any
> > > > >         deny ip any any
> > > > > 
> > > > > And then I can't remove the offending line?
> > > > > 
> > > > >    # access-l Allowed-Routes permit ip 0.0.0.0 255.255.255.0 any
> > > > >      % specified access list does not exist
> > > > > 
> > > > > 
> > > > > Those blocks exist:
> > > > > 
> > > > >    Time Warner Telecom TWTC-NETBLK-11 (NET-64-128-0-0-1)
> > > > >    64.128.0.0 - 64.129.63.255
> > > > >    REGAL TRAVEL TWTC-NETBLK-11 (NET-64-128-1-0-1)
> > > > >    64.128.1.0 - 64.128.1.127
> > > > > 
> > > > > (The IP block I picked has nothing to do with
> > > > > anything, except that I replaced xxx with the number 1)
> > > > > 
> > > > > Thanks,
> > > > > scott
> > > > > _______________________________________________
> > > > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > > > http://puck.nether.net/mailman/listinfo/juniper-nsp
> > > > >  
> > >  
> 
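
Added example, not part of the original thread and not vendor code: a short Python check showing why a subnet mask typed in the wildcard position is displayed as "0.0.0.0 255.255.255.0", which addresses such an entry actually matches, and how to flag it in a saved config. It assumes the device zeroes the don't-care bits of the address, which is consistent with the output quoted above; the function names and the sample config lines are constructed for illustration.

```python
import ipaddress
import re

FULL = 0xFFFFFFFF

def _int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def stored_address(addr, wildcard):
    """Address as displayed once the wildcard (don't-care) bits are zeroed."""
    return str(ipaddress.IPv4Address(_int(addr) & ~_int(wildcard) & FULL))

def matches(addr, wildcard, candidate):
    """True if candidate equals addr on every bit the wildcard does not cover."""
    return ((_int(addr) ^ _int(candidate)) & ~_int(wildcard) & FULL) == 0

def looks_like_netmask(mask):
    """True for contiguous high 1-bits (a subnet mask). 0.0.0.0 and
    255.255.255.255 are excluded because they are valid in both notations."""
    m = _int(mask)
    inv = ~m & FULL
    return m not in (0, FULL) and (inv & (inv + 1)) == 0

ENTRY = re.compile(r'access-l\S*\s+"?([\w-]+)"?\s+(permit|deny)\s+ip\s+'
                   r'(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)')

def audit(config_text):
    """Return (acl_name, address, mask) for entries whose mask looks inverted."""
    findings = []
    for line in config_text.splitlines():
        m = ENTRY.search(line)
        if m and looks_like_netmask(m.group(4)):
            findings.append((m.group(1), m.group(3), m.group(4)))
    return findings

# Constructed sample, modelled on the two entry styles quoted in the thread.
SAMPLE_CONFIG = '''\
access-list "allowed-routes" permit ip 0.0.0.0 255.255.255.0 any
access-list "allowed-routes" permit ip 64.128.254.0 0.0.0.255 any
'''

if __name__ == "__main__":
    print(stored_address("64.128.254.0", "255.255.255.0"))
    print(matches("0.0.0.0", "255.255.255.0", "10.1.2.0"))
    print(matches("0.0.0.0", "255.255.255.0", "64.128.254.77"))
    print(audit(SAMPLE_CONFIG))
```

The mistyped entry permits every source whose last octet is 0 and none of the intended hosts, so it is worth auditing for even when it cannot be removed line by line.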


