Re: Cisco IOS vulnerability

From: Jeff Kell (jeff-kellat_private)
Date: Sat Jul 19 2003 - 20:56:29 PDT


    jlewisat_private wrote:
    
    > That's a different issue.  undefined access list = you referenced an 
    > access-list that does not exist.  In that case, it's as if you didn't 
    > reference the access-list.
    > 
    > I think this is a common pitfall for beginners with IOS.  You need to modify 
    > an access-list, so you telnet into the router, conf t, no access-list 
    > blah, then start typing in the new version of the access-list.  Hopefully, 
    > your first line is permit tcp any any est, because once you start 
    > reentering the access-list, there's the implicit deny all all at the 
    > end...so if you're getting to the router through the interface using the 
    > access-list you're modifying, you may block yourself out.
    > 
    > For that reason, it's generally best to create a new access-list, then 
    > modify the interface config to use that new access-list.
    
    Even better, show config to get the ACL, cut and paste it into an 
    editor.  Add "interface foo" and "no ip access-group this-acl in" and 
    "no ip access-list extended this-acl" at the beginning, and an 
    "interface foo" and "ip access-group this-acl in" at the end.  Then you 
    can cut-and-paste the config without any side effects (or you can store 
    it on a tftp server and config net from there).
    
    Jeff
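The procedure Jeff describes (unbind the ACL from the interface, delete it, rebuild it, re-bind it, all in one paste) can be scripted so the snippet is generated from the running config rather than typed by hand. The helper below is an added example written for this archive page; it is not Cisco tooling or code from either poster. The ACL name `edge-in`, the interface `FastEthernet0/0` and the sample `show running-config` fragment are constructed, and the `starts_with_established` check implements the "permit tcp any any est first" advice from the quoted reply.

```python
"""Generate a lockout-safe cut-and-paste snippet that replaces a named extended ACL.

Hypothetical helper (not Cisco's): it parses a `show running-config` fragment,
finds every interface the ACL is bound to, and emits the unbind / rebuild / re-bind
sequence described in the post. Interface and ACL names below are constructed.
"""
from __future__ import annotations
import re

# Constructed sample of `show running-config` output (not from a real device).
SAMPLE_RUNNING_CONFIG = """\
!
ip access-list extended edge-in
 permit tcp any any established
 permit udp any eq domain any
 deny ip any any log
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group edge-in in
!
"""


def find_acl_bindings(config: str, acl: str) -> list[tuple[str, str]]:
    """Return (interface, direction) pairs where `acl` is applied via ip access-group."""
    bindings, current_if = [], None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)$", line)
        if m:
            current_if = m.group(1)
            continue
        if not line.startswith(" "):
            current_if = None          # a non-indented line ends the interface stanza
            continue
        m = re.match(r"^\s+ip access-group (\S+) (in|out)$", line)
        if m and current_if and m.group(1) == acl:
            bindings.append((current_if, m.group(2)))
    return bindings


def extract_acl(config: str, acl: str) -> list[str]:
    """Return the entries of the named extended ACL, in config order."""
    entries, inside = [], False
    for line in config.splitlines():
        if line == f"ip access-list extended {acl}":
            inside = True
            continue
        if inside:
            if line.startswith(" "):
                entries.append(line.strip())
            else:
                break                  # first non-indented line closes the ACL block
    return entries


def starts_with_established(entries: list[str]) -> bool:
    """True if the first entry keeps existing TCP sessions (your telnet) alive."""
    if not entries:
        return False
    toks = entries[0].split()
    return toks[:4] == ["permit", "tcp", "any", "any"] and toks[4:] in (["established"], ["est"])


def build_replacement(config: str, acl: str, new_entries: list[str]) -> str:
    """Emit the paste-ready snippet: unbind everywhere, delete, rebuild, re-bind."""
    bindings = find_acl_bindings(config, acl)
    out: list[str] = []
    # 1. Unbind so no packet is evaluated against a half-built list during the paste.
    for iface, direction in bindings:
        out += [f"interface {iface}", f" no ip access-group {acl} {direction}", "exit"]
    # 2. Delete the old list and define the new one (same name, so bindings stay valid).
    out += [f"no ip access-list extended {acl}", f"ip access-list extended {acl}"]
    out += [f" {e}" for e in new_entries] + ["exit"]
    # 3. Re-bind on every interface that had it, in the same direction as before.
    for iface, direction in bindings:
        out += [f"interface {iface}", f" ip access-group {acl} {direction}", "exit"]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    old = extract_acl(SAMPLE_RUNNING_CONFIG, "edge-in")
    new = old[:2] + ["permit tcp any host 192.0.2.1 eq 22", old[-1]]  # constructed change
    if not starts_with_established(new):
        print("! warning: first entry is not 'permit tcp any any established'")
    print(build_replacement(SAMPLE_RUNNING_CONFIG, "edge-in", new))
```

The explicit `exit` lines are a conservative addition to the post's recipe so each global command is entered from global configuration mode; IOS usually tolerates a global command typed from interface mode, but the snippet should not depend on that. The `starts_with_established` check only warns, since there are legitimate ACLs that deliberately omit that entry.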
    
    