Firewall Wizards mailing list archives

Re: Cisco acls


From: Miha Vitorovic <mvitorovic () nil si>
Date: Thu, 3 Mar 2005 20:10:42 +0100

[sorry, resending this in text/plain only :(]

I haven't done this for a while, but if I remember correctly, the logic 
goes as follows. 

Each ACL has an implicit "access-list x deny ip any any" at the end. The 
following config:

interface FastEthernet 0/0
  ip address 10.0.0.1 255.255.255.0
  ip access-group x in

then implicitly denies all traffic to the interface, if the access-list x 
is not defined, i.e. it contains only the implicit line denying all 
traffic.

Best regards,
---
  Miha Vitorovic
  Inženir v tehničnem področju
  Customer Support Engineer

   NIL Data Communications,  Tivolska cesta 48,  1000 Ljubljana,  Slovenia
   Phone +386 1 4746 500      Fax +386 1 4746 501     http://www.NIL.si

firewall-wizards-admin () honor icsalabs com wrote on 01.03.2005 16:53:21:


Hi,

I would appreciate some comments with regard to the extensive use of
Cisco router ACLs to protect numerous networks.

My concern is that when someone amends an access-list, one generally
enters "no access-list 177" and then pastes in the new access list. Does
this mean that for a period of time there is no protection on the
network that the ACL applies to?

Best Regards
Eric
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
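
Added example, not part of either poster's message: one way to change the filter on an interface without deleting and re-pasting the list that is currently bound to it. ACL number 178, the addresses and the permit entries are constructed for illustration; the interface name and ACL 177 are taken from the thread.

```cisco
! Added example. ACL 178 and all entries below are constructed.
!
! Sequence described in the question (shown as comments only):
!   no access-list 177
!   access-list 177 permit tcp any host 192.0.2.10 eq 443
!   ... remaining lines pasted one at a time ...
! While the paste is in progress, the interface is filtered by a list
! that is missing or only partly built, so the policy in force is not
! the one intended: entries not yet pasted have no effect and the
! implicit deny applies behind whatever has been entered so far.
!
! Alternative: build the replacement under an unused number first.
access-list 178 remark replacement for ACL 177 (constructed entries)
access-list 178 permit tcp any host 192.0.2.10 eq 443
access-list 178 permit tcp any host 192.0.2.25 eq 25
access-list 178 deny   ip any any log
!
! Review the finished list from exec mode before binding it:
!   show access-lists 178
!
! Re-point the interface in a single command. Only one inbound IP ACL
! can be bound per interface, so this replaces the reference to 177.
interface FastEthernet 0/0
 ip access-group 178 in
!
! Confirm which list is applied (exec mode):
!   show ip interface FastEthernet 0/0
!
! Remove the old list only after the new one is confirmed in place.
no access-list 177
```

With this order the interface always references a complete list, and the old list stays available for rollback until the final line.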


