access-list reset

Syntax

access-list {all|ip <ACL-NAME>|ipv6 <ACL-NAME>|mac <ACL-NAME>} reset

Description

Changes the user-specified ACL configuration to match the active ACL configuration. Use this command when a discrepancy exists between what the user configured and what is active and accepted by the system.

Command context

config

Parameters

all|ip <ACL-NAME>|ipv6 <ACL-NAME>|mac <ACL-NAME>
Specifies one of the following:
  • a reset of all ACLs.

  • a reset of a named IPv4 ACL.

  • a reset of a named IPv6 ACL.

  • a reset of a named MAC ACL.

Authority

Administrators

Usage

The output of the show access-list command displays the active configuration of the product. The active configuration is the ACLs that have been configured and accepted by the system. The output of the show access-list command with the configuration parameter, displays the ACLs that have been configured. The output of this command may not be the same as what was programmed in hardware or what is active on the product.

If the active ACLs and user-configured ACLs are not the same, a warning message is displayed in the output of the show command. Modify the user-configured ACL until the warning message is no longer displayed or run the access-list reset command to change the user-specified configuration to match the active configuration.

Examples

Apply an ACL with TCP acknowledgments (ACKs) on egress, which is unsupported by hardware:

switch(config-acl)# 10 permit tcp 172.16.2.0/16 any ack

Displaying the user-specified configuration:

switch(config)# do show access-list commands 
! access-list ip TEST_ACL user configuration does not match active configuration.
! run 'access-list TYPE NAME reset' to reset access-list to match active configuration.
access-list ip TEST_ACL
! access-list ip TEST_ACL user configuration does not match active configuration.
! run 'access-list TYPE NAME reset' to reset access-list to match active configuration.
interface 1/1/1
    apply access-list ip TEST_ACL out

switch(config)# do show access-list commands configuration 
! access-list ip TEST_ACL user configuration does not match active configuration.
! run 'access-list TYPE NAME reset' to reset access-list to match active configuration.
access-list ip TEST_ACL
    10 permit tcp 172.16.2.0/255.255.0.0 any ack
! access-list ip TEST_ACL user configuration does not match active configuration.
! run 'access-list TYPE NAME reset' to reset access-list to match active configuration.
interface 1/1/1
    apply access-list ip TEST_ACL out

switch(config)# do show access-list 
Type       Name                                              
  Sequence Comment                                           
           Action                          L3 Protocol       
           Source IP Address               Source L4 Port(s) 
           Destination IP Address          Destination L4 Port(s)
           Additional Parameters                             
-------------------------------------------------------------------------------
% Warning: TEST_ACL user configuration does not match active configuration.
%          run 'access-list TYPE NAME reset' to reset access-list to match active configuration.
IPv4       TEST_ACL

switch(config)# do show access-list configuration 
Type       Name                                              
  Sequence Comment                                           
           Action                          L3 Protocol       
           Source IP Address               Source L4 Port(s) 
           Destination IP Address          Destination L4 Port(s)
           Additional Parameters                             
-------------------------------------------------------------------------------
% Warning: TEST_ACL user configuration does not match active configuration.
%          run 'access-list TYPE NAME reset' to reset access-list to match active configuration.
IPv4       TEST_ACL
        10 
           permit                          tcp 
           172.16.2.0/255.255.0.0          
           any                             
           ack 
Resetting the user-specified configuration to match the active configuration.
switch(config)# access-list ip TEST_ACL reset

Displaying the updated user-specified configuration.

switch(config)# do show access-list commands 
access-list ip TEST_ACL
interface 1/1/1
    apply access-list ip TEST_ACL out

switch(config)# do show access-list commands configuration 
access-list ip TEST_ACL
interface 1/1/1
    apply access-list ip TEST_ACL out

switch(config)# do show access-list 
Type       Name                                              
  Sequence Comment                                           
           Action                          L3 Protocol       
           Source IP Address               Source L4 Port(s) 
           Destination IP Address          Destination L4 Port(s)
           Additional Parameters                             
-------------------------------------------------------------------------------
IPv4       TEST_ACL

switch(config)# do show access-list configuration  
Type       Name                                              
  Sequence Comment                                           
           Action                          L3 Protocol       
           Source IP Address               Source L4 Port(s) 
           Destination IP Address          Destination L4 Port(s)
           Additional Parameters                             
-------------------------------------------------------------------------------
IPv4       TEST_ACL