In the CCIE lab exam you are often told that an existing ACL may not be deleted and re-created, only modified in place. These notes walk through how to do that using the sequence numbers IOS assigns to every entry.
Lab topology (diagram in the original)
Before starting, confirm that the interfaces are up and the routing protocol has converged, so R1 can reach R4.
The task: traffic from R1 (192.168.12.1) must be blocked while everything else is still permitted. First attempt, a standard ACL on R4:
R4(config)#access-list 1 deny host 192.168.12.1
R4(config)#access-list 1 permit any
Verify the entries with sh run (output in the original screenshot).
Apply the ACL inbound on e0/2:
R4(config)#int e0/2
R4(config-if)#ip access-group 1 in
R4(config-if)#end
A ping from R1 now fails: all 5 packets are lost.
Removing the filter again is easy; just unbind the ACL from the interface:
R4(config-if)#no ip access-group 1 in
The first method is wasteful: R1's packets cross the whole network before R4 finally drops them. The second method filters as close to the source as possible, with an extended ACL on R2 that only blocks R1 from R4's address 4.4.4.4:
R2(config)#access-list 100 deny ip host 192.168.12.1 host 4.4.4.4
R2(config)#access-list 100 permit ip any any
Apply it inbound on the interface toward R1:
R2(config-if)#ip access-group 100 in
R1 can no longer reach 4.4.4.4 on R4, while all other traffic still passes.
Now the in-place edit. Enter the ACL's sub-configuration mode, which shows each entry with its sequence number:
R2(config)#ip access-list extended 100
R2(config-ext-nacl)#do show access-list
Extended IP access list 100
10 deny ip host 192.168.12.1 host 4.4.4.4 (15 matches)
20 permit ip any any (15 matches)
Delete the entry by its sequence number with no:
R2(config-ext-nacl)#no 10
R2(config-ext-nacl)#do show access-list
Extended IP access list 100
20 permit ip any any (17 matches)
When re-adding the deny, give it a sequence number lower than the permit entry (20 here). Entries are evaluated in sequence order and the first match wins, so a deny appended after permit ip any any would never be reached and the filter would silently stop working:
R2(config-ext-nacl)#5 deny ip host 192.168.12.1 host 4.4.4.4
R2(config-ext-nacl)#do show access-list
Extended IP access list 100
5 deny ip host 192.168.12.1 host 4.4.4.4
20 permit ip any any (21 matches)
R2(config-ext-nacl)#
The named form of the same standard ACL; IOS assigns the sequence numbers (10, 20, ...) automatically, and the entries are edited exactly as above:
R4(config)#ip access-list standard CCIE
R4(config-std-nacl)#deny 192.168.12.1
R4(config-std-nacl)#permit any
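A check for the mistake warned about above, whether the ACL is numbered or named: entries are evaluated in sequence order, so a deny that lands after permit ip any any (or any entry fully covered by an earlier one) can never match. The script below is an added example, not part of the original lab notes. It parses the text format of show access-list, turns each source/destination into an address plus care-mask pair (the complement of the IOS wildcard, so the coverage test is exact even for non-contiguous wildcards), and reports shadowed entries; an ERROR means the hidden entry has the opposite action of the one hiding it. The sample output is constructed to show ACL 100 after the deny was re-added as sequence 30 instead of 5. Port qualifiers (eq, range, ...) are compared conservatively: only an identical qualifier, or none on the earlier entry, counts as covering.

```python
"""Shadow check for Cisco IOS ``show access-list`` output (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format IOS prints. ACL 100 is what R2 would show if
# the deny had been re-added with sequence 30 instead of 5.
SAMPLE_SHOW_ACCESS_LIST = """\
Standard IP access list 1
    10 deny   192.168.12.1
    20 permit any
Extended IP access list 100
    20 permit ip any any (21 matches)
    30 deny ip host 192.168.12.1 host 4.4.4.4
"""

PORT_OPS = {"eq", "gt", "lt", "neq", "range"}
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
AddrSpec = Tuple[int, int]  # (address, care_mask): care bits must match exactly


@dataclass
class Entry:
    acl: str
    seq: int
    action: str
    proto: str
    src: AddrSpec
    sport: Optional[Tuple[str, ...]]
    dst: AddrSpec
    dport: Optional[Tuple[str, ...]]


def _ip_to_int(text: str) -> int:
    octets = [int(o) for o in text.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {text}")
    return int.from_bytes(bytes(octets), "big")


def _parse_addr(tokens: List[str], i: int) -> Tuple[AddrSpec, int]:
    """Parse any / host A.B.C.D / A.B.C.D W.W.W.W / bare A.B.C.D at tokens[i]."""
    tok = tokens[i]
    if tok == "any":
        return (0, 0), i + 1
    if tok == "host":
        return (_ip_to_int(tokens[i + 1]), 0xFFFFFFFF), i + 2
    addr = _ip_to_int(tok)
    if i + 1 < len(tokens) and IPV4.fullmatch(tokens[i + 1]):
        wildcard = _ip_to_int(tokens[i + 1])      # care = complement of wildcard
        return (addr, ~wildcard & 0xFFFFFFFF), i + 2
    return (addr, 0xFFFFFFFF), i + 1              # standard ACLs print a lone host


def _parse_port(tokens: List[str], i: int) -> Tuple[Optional[Tuple[str, ...]], int]:
    """Consume an optional ``eq 80`` / ``range 1024 65535`` style qualifier."""
    if i < len(tokens) and tokens[i] in PORT_OPS:
        n = 3 if tokens[i] == "range" else 2
        return tuple(tokens[i:i + n]), i + n
    return None, i


def parse_show_access_list(text: str) -> List[Entry]:
    entries: List[Entry] = []
    acl = kind = None
    for raw in text.splitlines():
        line = re.sub(r"\s*\(\d+ match(?:es)?\)\s*$", "", raw.strip())
        header = re.match(r"(Standard|Extended) IP access list (\S+)", line)
        if header:
            kind, acl = header.groups()
            continue
        tokens = line.split()
        if acl is None or len(tokens) < 3 or not tokens[0].isdigit():
            continue
        if tokens[1] not in ("permit", "deny"):
            continue
        seq, action = int(tokens[0]), tokens[1]
        if kind == "Standard":
            src, _ = _parse_addr(tokens, 2)
            entries.append(Entry(acl, seq, action, "ip", src, None, (0, 0), None))
        else:
            src, i = _parse_addr(tokens, 3)
            sport, i = _parse_port(tokens, i)
            dst, i = _parse_addr(tokens, i)
            dport, _ = _parse_port(tokens, i)
            entries.append(Entry(acl, seq, action, tokens[2], src, sport, dst, dport))
    return entries


def _covers(a: AddrSpec, b: AddrSpec) -> bool:
    """True when every address matched by b is also matched by a."""
    (a_addr, a_care), (b_addr, b_care) = a, b
    return (a_care & ~b_care) == 0 and ((a_addr ^ b_addr) & a_care) == 0


def _entry_covers(a: Entry, b: Entry) -> bool:
    """True when entry a matches every packet that entry b would match."""
    proto_ok = a.proto == "ip" or a.proto == b.proto
    sport_ok = a.sport is None or a.sport == b.sport   # conservative on ports
    dport_ok = a.dport is None or a.dport == b.dport
    return proto_ok and sport_ok and dport_ok and _covers(a.src, b.src) and _covers(a.dst, b.dst)


def find_shadowed(entries: List[Entry]) -> List[Tuple[str, int, int, bool]]:
    """Return (acl, dead_seq, shadowing_seq, actions_conflict) in sequence order."""
    findings, seen = [], {}  # type: List[Tuple[str, int, int, bool]], Dict[str, List[Entry]]
    for entry in sorted(entries, key=lambda e: (e.acl, e.seq)):
        earlier = seen.setdefault(entry.acl, [])
        for prev in earlier:  # first-match-wins: only earlier entries can hide this one
            if _entry_covers(prev, entry):
                findings.append((entry.acl, entry.seq, prev.seq, prev.action != entry.action))
                break
        earlier.append(entry)
    return findings


def report(text: str) -> List[str]:
    """Human-readable findings for one show access-list dump."""
    return [f"{'ERROR' if conflict else 'note'}: ACL {acl} seq {seq} can never match, shadowed by seq {by}"
            for acl, seq, by, conflict in find_shadowed(parse_show_access_list(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_SHOW_ACCESS_LIST) or ["no shadowed entries"]:
        print(line)
```

Paste real show access-list output into SAMPLE_SHOW_ACCESS_LIST (or feed it to report()) after every edit; on the corrected ACL 100 above, with the deny at sequence 5, the report is empty.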