I accidentally blocked access to the router with a rule in the access list of the router. I can connect to it from the console, but I am not too familiar yet with the CLI of Cisco. Can somebody please guide me through this mess? If I can delete it from the console then I can get back into the GUI and finish up faster. Also, why is it that when the router was bought, when accessing through the GUI it only has certain modules available and you have to upgrade the SDM or Cisco IOS on the router? What a pain in the @#$@# to have to do that from the start. You would imagine that Cisco would try to make things easier rather than harder!
what have you actually applied the acl to? if you know what the acl is called then just run "sh run" in enable mode and see where the access list is being applied. then go into that interface or whatever it is and remove it.
Code:
password:xxxxxx
router>en <--- normal mode here
password:zzzzzzz
router#sh run <--- enable mode started here
Building configuration...
[snip...]
interface FastEthernet1
 ip access-group 123 in <--- bit you're looking for (the direction may be "in" or "out")
[...snip]
router#conf t <--- enter configuration mode
router(config)#int FastEthernet1
router(config-if)#no ip access-group 123 in <--- the line to remove with "no" in front of it, same direction as shown in sh run
router(config-if)#end
router#
something along those lines. if you're stuck paste the whole output of sh run here.
ios is lovely... embrace it!
btw if you're using console access under Windows i *really* recommend using tuTTY (a puTTY fork) for serial port console access, much better than hypertrm.
Last edited by acid_kewpie; 09-15-2006 at 04:56 PM..
Based on your post, it sounds like you accidentally added a rule to an existing ACL attached to an interface, but since you are using SDM, there are a couple of other ways it might add a command to block http/s access:
Code:
no ip http server
no ip http secure-server
-or-
Code:
access-list 10 remark ACL for Access to local http server
access-list 10 permit 192.168.9.0 0.0.0.255
access-list 10 permit 192.168.16.8 0.0.0.7
access-list 10 permit 192.168.32.8 0.0.0.7
access-list 10 deny any log
ip http server
ip http access-class 10
ip http authentication local
ip http secure-server
If your network or host address is not listed in ACL 10, then http/s access would not be permitted.
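To check a saved configuration for this kind of lockout before applying it, the following Python script (an added example, not part of the original thread or any Cisco tool) evaluates the `ip http access-class` ACL against a management host address using IOS wildcard-mask matching. The function names are hypothetical, and it assumes the numbered standard ACL form shown in the post above.

```python
import re
from ipaddress import IPv4Address
# Constructed sample: the configuration quoted in the post above.
SAMPLE_CONFIG = """\
access-list 10 remark ACL for Access to local http server
access-list 10 permit 192.168.9.0 0.0.0.255
access-list 10 permit 192.168.16.8 0.0.0.7
access-list 10 permit 192.168.32.8 0.0.0.7
access-list 10 deny any log
ip http server
ip http access-class 10
ip http authentication local
ip http secure-server
"""

def parse_standard_acl(config, number):
    entries = []  # ordered (action, address, wildcard); remarks are skipped
    for line in config.splitlines():
        m = re.match(rf"access-list {number} (permit|deny) (.+)$", line.strip())
        if not m:
            continue
        spec = [tok for tok in m.group(2).split() if tok != "log"]
        if spec[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif spec[0] == "host":
            addr, wild = int(IPv4Address(spec[1])), 0
        else:  # "address [wildcard]"; a missing wildcard means an exact host
            addr = int(IPv4Address(spec[0]))
            wild = int(IPv4Address(spec[1])) if len(spec) > 1 else 0
        entries.append((m.group(1), addr, wild))
    return entries

def acl_permits(entries, source):
    src = int(IPv4Address(source))
    for action, addr, wild in entries:
        # Wildcard bits set to 1 are ignored; every other bit must match.
        if ((src ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"  # first match wins
    return False  # implicit deny at the end of every ACL

def http_access_allowed(config, source):
    # Models only the HTTP server settings, not interface ACLs (assumption).
    lines = [l.strip() for l in config.splitlines()]
    if "ip http server" not in lines and "ip http secure-server" not in lines:
        return False  # both servers disabled ("no ip http server" etc.)
    m = re.search(r"^ip http access-class (\d+)", config, re.M)
    if not m:
        return True  # no access-class restriction configured
    return acl_permits(parse_standard_acl(config, m.group(1)), source)
```

Calling `http_access_allowed(SAMPLE_CONFIG, "192.168.16.16")` returns `False` because the `0.0.0.7` wildcard on `192.168.16.8` only covers `.8` through `.15`, so the address falls through to `deny any`.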