access-list reset

Syntax

access-list {all|ip <ACL-NAME>|ipv6 <ACL-NAME>|mac <ACL-NAME>} reset

Description

Changes the user-specified ACL configuration to match the active ACL configuration. Use this command when a discrepancy exists between what the user configured and what is active and accepted by the system.

Command context

config

Parameters

all|ip <ACL-NAME>|ipv6 <ACL-NAME>|mac <ACL-NAME>
Specifies one of the following:

  • a reset of all ACLs.

  • a reset of a named IPv4 ACL.

  • a reset of a named IPv6 ACL.

  • a reset of a named MAC ACL.

Authority

Administrators

Usage

The output of the show access-list command displays the active configuration of the product. The active configuration is the ACLs that have been configured and accepted by the system. The output of the show access-list command with the configuration parameter, displays the ACLs that have been configured. The output of this command may not be the same as what was programmed in hardware or what is active on the product.

If the active ACLs and user-configured ACLs are not the same, a warning message is displayed in the output of the show command. Modify the user-configured ACL until the warning message is no longer displayed or run the access-list reset command to change the user-specified configuration to match the active configuration.

Examples

Apply an ACL with TCP acknowledgements (ACKs) on egress, which is unsupported by hardware: 

switch(config-acl)# 10 permit tcp 172.16.2.0/16 any ack

Displaying the user-specified configuration: 

switch(config)# do show run access-list ip TEST_ACL
        10 permit tcp 172.16.2.0/16 any ack
    interface 1/1/1
    ! access-list ip TEST_ACL user configuration does not match active configuration.
    ! run 'show access-list [commands]' to display active access-list configuration.
        apply access-list ip TEST_ACL out

    switch(config)# do show access-list commands
    access-list ip TEST_ACL
        10 permit tcp 172.16.2.0/16 any ack
    ! access-list ip TEST_ACL user configuration does not match active configuration.
    ! run 'access-list all reset' to reset all access-lists to match active configuration.

    switch(config)# do show access-list commands configuration
    access-list ip TEST_ACL
        10 permit tcp 172.16.2.0/16 any ack
    ! access-list ip TEST_ACL user configuration does not match active configuration.
    ! run 'access-list all reset' to reset all access-lists to match active configuration.
    interface 1/1/1
        apply access-list ip TEST_ACL out
    
    switch(config)# do show access-list commands
    access-list ip TEST_ACL
        10 permit tcp 172.16.2.0/16 any ack

    switch(config)# do show access-list
    Type       Name
      Sequence Comment
               Action                          L3 Protocol
               Source IP Address               Source L4 Port(s)
               Destination IP Address          Destination L4 Port(s)
               Additional Parameters
    -------------------------------------------------------------------------------
    IPv4       test
            10 permit                          tcp
               any
               any
               ack
Resetting the user-specified configuration to match the active configuration. 
switch(config)# access-list all reset

Displaying the updated user-specified configuration. 

 switch(config)# do show access-list commands configuration
    access-list ip TEST_ACL
        10 permit tcp 172.16.2.0/16 any ack