Question

How to delete an access-list?


I am trying to delete the following access-list:

create access-list snmp-deny_all " source-address 0.0.0.0/0 ;" " deny ;" application "Cli"

...yet get this error when trying:

MPE-8810A-ASU-MDF8.32 # del access-list snmp-deny_all
Error: Dynamic rule snmp-deny_all has been applied to an instance
Configuration failed on backup MSM, command execution aborted!

When I do a "show config | i snmp" the only entries have to do with the access-list as shown:

MPE-8810A-ASU-MDF8.31 # sh config | i snmp
configure snmp sysName "MPE-8810A-ASU-MDF8"
create access-list snmp-164.7x.xxx.xxx " source-address 164.7x.xxx.xxx/32 ;" " permit ;" application "Cli"
create access-list snmp-deny_all " source-address 0.0.0.0/0 ;" " deny ;" application "Cli"
# Module snmpMaster configuration.
MPE-8810A-ASU-MDF8.32 #

I'm trying to delete both the snmp access-lists with no luck. Any ideas how I can do that?

3 replies

Userlevel 4
* X480-48t.4 # show configuration acl#
# Module acl configuration.
#
create access-list snmp-deny_all " source-address 0.0.0.0/0 ;" " deny ;" applic ation "Cli"

* X480-48t.5 # delete access-list "snmp-deny_all"* X480-48t.6 # show configuration "acl"
#
# Module acl configuration.
#

* X480-48t.7 #

On my switch, I am able to delete the ACL using above command. I am suspecting that this ACL is not synch between both MSM and hence, giving error while deleting it.

Can you please open TAC case to further investigate on this issue?
Thanks for suggesting a synch problem. I ran synchronization on the switch (BD8810) and was then able to delete the ACLs. Cheers - Jim
Userlevel 4
Awesome!!! Have a great day.

Reply