Firewall Wizards mailing list archives

Re: Cisco acls


From: "Daniel Linder" <dan () linder org>
Date: Mon, 28 Feb 2005 19:41:34 -0600 (CST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


<quote who="Eric Appelboom">
My concern is that when someone amends an access-list one generally
enters, no access-list 177 and
Then pastes in the new access list. Does this mean that for a period of
time there is no protection on the Network that the acls applies?
</quote>

Not in my unfortunate experience...  Each ACL has an unwritten "deny all"
as the last line.  In my experiences, doing the "no access-list 177"
removes the ACL, but the application of that ACL to interfaces is still
there.  Since the "access-list 177" is blank, it is by default a "deny
all" for all traffic until the lines are re-entered.

In our case, we would log in to the router, do a "show access-list 177",
copy that output to a text editor, save the original, make the
modifications, issue the "no access-list 177", then paste the config
back into the router.

Don't change an ACL on the link you are accessing the router through!
Just a word of warning from someone who has been there and done just that!

Dan

- - - - -
"I do not fear computers,
I fear the lack of them."
 -- Isaac Asimov
GPG fingerprint: 9EE8 ABAE 10D3 0B55 C536  E17A 3620 4DCA A533 19BF

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCI8hONiBNyqUzGb8RAu7ZAJsFZV6x/FYAnTJhGfkh1oC2xfDp1QCgh4FR
gdoSlvQ1jAD3U2jcEh6QXVs=
=lEQ4
-----END PGP SIGNATURE-----
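The edit window Dan describes, shown as an added IOS configuration example (not taken from his message or from any Cisco documentation). ACL 177 is the number from the thread; ACL 178, the interface name FastEthernet0/0 and the host 192.0.2.10 are constructed for illustration. The second half shows one way to avoid the window entirely: build the replacement list under a new number, move the interface binding to it, and only then delete the old list, so the interface is never bound to an empty ACL.

```cisco
! --- starting point (constructed): extended ACL 177 applied inbound ---
access-list 177 permit tcp any host 192.0.2.10 eq 22
access-list 177 permit tcp any host 192.0.2.10 eq 443
! every IOS ACL ends with an implicit "deny ip any any"
interface FastEthernet0/0
 ip access-group 177 in
!
! --- the risky edit from the thread ---
! "no access-list 177" deletes every entry of the list, but the
! "ip access-group 177 in" binding on the interface stays in place.
! Between this line and the last re-entered line, the interface is
! bound to an ACL that no longer contains what you intended, so the
! filtering you relied on is not in effect (Dan reports deny-all).
no access-list 177
access-list 177 permit tcp any host 192.0.2.10 eq 22
access-list 177 permit tcp any host 192.0.2.10 eq 443
access-list 177 permit tcp any host 192.0.2.10 eq 80
!
! --- swap approach that has no window (added here, not from the thread) ---
! 1. build the complete replacement under an unused number
access-list 178 permit tcp any host 192.0.2.10 eq 22
access-list 178 permit tcp any host 192.0.2.10 eq 443
access-list 178 permit tcp any host 192.0.2.10 eq 80
! 2. move the binding; a new "ip access-group ... in" replaces the old one
interface FastEthernet0/0
 ip access-group 178 in
! 3. only now remove the old list, which nothing references any more
no access-list 177
!
! safety net for Dan's warning about editing the ACL on your own
! management path: schedule a reload before the change and cancel it
! with "reload cancel" once you have confirmed you are still connected
reload in 10
```

If the device is reachable only through the interface being edited, do the swap from the console where possible; the `reload in` timer is a fallback, not a substitute for that.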
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

