Firewall Wizards mailing list archives
Re: Cisco acls
From: "Daniel Linder" <dan () linder org>
Date: Mon, 28 Feb 2005 19:41:34 -0600 (CST)
<quote who="Eric Appelboom">
My concern is that when someone amends an access-list one generally enters "no access-list 177" and then pastes in the new access list. Does this mean that for a period of time there is no protection on the network that the ACL applies to?
</quote>

Not in my unfortunate experience... Each ACL has an unwritten "deny all" as the last line. In my experience, doing the "no access-list 177" removes the ACL, but the application of that ACL to interfaces is still there. Since the "access-list 177" is blank, it is by default a "deny all" for all traffic until the lines are re-entered.

In our case, we would log in to the router, do a "show access-list 177", copy that output to a text editor, save the original, make the modifications, issue the "no access-list 177", then paste the config back into the router.

Don't change an ACL on the link you are accessing the router through! Just a word of warning from someone who has been there and done just that!

Dan

"I do not fear computers, I fear the lack of them." -- Isaac Asimov
GPG fingerprint: 9EE8 ABAE 10D3 0B55 C536 E17A 3620 4DCA A533 19BF

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
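
An added example, not part of the original post or the list archive: a pre-change check for the warning above about changing an ACL on the link you are accessing the router through. It parses a constructed running-config excerpt and reports interfaces that both apply the ACL and whose subnet contains the admin's source address; the function names, sample config and addresses are assumptions, and only directly connected subnets are considered.

```python
import ipaddress
import re

# Constructed sample of "show running-config" output (not from the original post).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 description inside LAN
 ip address 192.0.2.1 255.255.255.0
 ip access-group 177 in
!
interface Serial0/0
 description WAN uplink
 ip address 198.51.100.1 255.255.255.252
 ip access-group 101 in
!
interface FastEthernet0/1
 description management
 ip address 203.0.113.1 255.255.255.0
!
access-list 177 permit tcp any any established
"""

def parse_interfaces(config):
    """Map interface name -> {'net': primary subnet or None, 'acls': [(acl, direction)]}."""
    ifaces, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"net": None, "acls": []})
        elif not line.startswith(" "):
            cur = None  # left the interface block
        elif cur is not None and (m := re.match(r"\s+ip address (\S+) (\S+)$", line)):
            # Primary address only; "secondary" and "dhcp" forms do not match.
            cur["net"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif cur is not None and (m := re.match(r"\s+ip access-group (\S+) (in|out)", line)):
            cur["acls"].append((m[1], m[2]))
    return ifaces

def lockout_risk(config, acl, mgmt_ip):
    """Interfaces that apply `acl` and whose subnet contains the admin's source address."""
    src = ipaddress.ip_address(mgmt_ip)
    return sorted(
        name for name, info in parse_interfaces(config).items()
        if any(a == str(acl) for a, _ in info["acls"])
        and info["net"] is not None and src in info["net"]
    )
```

A non-empty result means the session arrives on a link filtered by the ACL being replaced, so the change should be made from another path such as the console or a management interface.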