Access-list problem

Status
Not open for further replies.

Guest_imported

New member
Jan 1, 1970
0
Dear Readers,

I have a problem with a Cisco router, especially with
the access-list. I created a small application
to make it easier for me to configure the access-list.
But the problem is when I executed this line
in a telnet session through my app:

<router-config prompt> no access-list 110

The router directly goes down. I found that
there is a VPN configuration that is using this
access-number.

Well.. My question is: how can we delete the
access-list without it directly taking effect?
In the example above I delete access number
110, but the code in my small app will
create another 110.. unfortunately it doesn't
have any chance to write it down, since
in some cases "no access-list command" kills
the router directly.

Thank you for the help.

 
I'm not quite sure what you mean!! Isn't this a problem with your app and not the router?

Chris

************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
 
Hi Chris,

Well, I will describe the problem shortly. I hope
you can understand.

Here is my router's access-list configuration :

Extended IP access list 101
permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
deny ip 0.0.0.0 255.255.255.0 any
Extended IP access list 102
permit ip 0.0.0.1 255.255.255.0 0.0.0.1 255.255.255.0
deny ip 0.0.0.1 255.255.255.0 any
Extended IP access list 103
permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
deny ip 0.0.0.0 255.255.255.0 any
Extended IP access list 110
permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
deny ip 0.0.0.0 255.255.255.0 any
permit ip 0.0.0.1 255.255.255.0 0.0.0.1 255.255.255.0 (12377 matches)
Extended IP access list 121
permit ip 0.0.0.0 255.255.255.0 0.0.0.1 255.255.255.0
deny ip 0.0.0.0 255.255.255.0 any
Extended IP access list 123
permit ip 0.0.0.1 255.255.255.0 0.0.0.1 255.255.255.0
deny ip 0.0.0.1 255.255.255.0 any

I tried to delete access-list 110, but when I execute
from my app, or directly through the telnet session:

<router-config-prompt>no access-list 110

then the router went down.

My question is simple: how can we delete any access-list
without bringing the router down?
I mean the delete command won't take effect
until a certain time / condition.. is it possible?

Thank you in advance,




 
"went down"???? Stopped working, crashed, boxed itself up again???

Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
 
If you want to disable an access-list, the best thing to do is to remove it from the interface first, then remove the access-list completely. Sometimes when you remove the access-list (no access-list #) but that access list is still on the interface, an implicit deny would be applied.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Don't be content with being average. Average is as close to the bottom as it is to the top
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
The router "went down" here means that I can't telnet to it again,
and I have to restart the router.

But the problem is, the access-list is not applied to the interface directly.
I think I have one IPSEC VPN created, and the access-list that I want to delete is applied to the VPN, and the
interface is applied to that VPN.

So how do I solve this problem?
 
Can you console into the router? It sounds like when you delete the list, your telnet session gets dropped. When you restart the router, the access list is there (because you didn't get a chance to save the new config) and you can telnet again. If you console into the router, you won't lose connection when you delete the list.
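
An added example, not part of the thread or any poster's code: a pre-flight check that a configuration app like the one described could run before sending `no access-list <n>`, refusing while the list is still referenced from an interface, a crypto map or a vty line. The sample configuration is constructed, and the reference patterns are an assumed, non-exhaustive set of IOS commands.

```python
import re

# Constructed sample running-config for illustration (not the poster's router).
SAMPLE_CONFIG = """\
crypto map VPNMAP 10 ipsec-isakmp
 set peer 192.0.2.1
 match address 110
!
interface Serial0
 ip access-group 101 in
 crypto map VPNMAP
!
access-list 101 permit ip any any
access-list 110 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
!
line vty 0 4
 access-class 102 in
"""

# Assumed, non-exhaustive set of IOS commands that point at a numbered ACL.
REF_PATTERNS = (
    r"ip access-group {n}\b",        # interface packet filter
    r"match address {n}\b",          # crypto map (IPsec) traffic selector
    r"access-class {n}\b",           # vty (telnet) access control
    r"match ip address .*\b{n}\b",   # route-map
    r"ip nat .* list {n}\b",         # NAT
)

def find_acl_references(config, acl):
    """Return (section, command) pairs that still use ACL number `acl`."""
    patterns = [re.compile(p.format(n=re.escape(str(acl)))) for p in REF_PATTERNS]
    refs, section = [], "(global)"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):
            section = line                 # a new top-level block starts here
        if line.startswith("access-list "):
            continue                       # the ACL's own definition lines
        if any(p.search(line) for p in patterns):
            refs.append((section, line))
    return refs

def plan_removal(config, acl):
    """Return (safe, lines): the delete command, or the blocking references."""
    refs = find_acl_references(config, acl)
    if refs:
        return False, [f"{section}: {cmd}" for section, cmd in refs]
    return True, [f"no access-list {acl}"]
```

On the constructed sample, list 110 is reported as still bound to the crypto map, so the app would stop and show that reference instead of deleting the list over the telnet session.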
 