Two questions ACL

Yanaqr
Level 1

Hi,

 

1. Which type of ACL allows for removing a single entry without removing the entire ACL?

2. Which type of ACL allows you to open a port only after someone has successfully logged into the router?

 

 

Thanks

3 Replies

balaji.bandi
Hall of Fame

 

You can have an ACL where you replace and add entries by number only, rather than removing the whole ACL.

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3s/sec-data-acl-xe-3s-book/sec-acl-seq-num.html

 

which type of ACL allows you to open port only after someone has successfully logged into router?

 

This requires more information and an example of the use case, since this can be achieved in different ways.

 

BB


Martin L
VIP

 

All standard, extended, and named ACLs allow for removing a single entry without removing the entire ACL. A long time ago, pre-IOS 12.2 or around that time, a standard ACL could not be edited that way. New IOS fixed that issue by applying numbering to ACL entries.

If you look at categories like traditional ACL (old standard ACL) vs. named ACL vs. numbered ACL (extended and new standard ACLs), then the "old" traditional one could not be edited (at least not the easy way).

There are other ACL categories: role-based, time-based, reflexive ACLs, and dynamic ACLs.

Will attach a source link once I look up my notes.

 

Regards, ML

 


Re: Q.2. It looks like dynamic ACLs, or lock-and-key ACLs, are created to allow user access to a specific source/destination host through a user authentication process. Cisco implementations utilize IOS Firewall capabilities and do not hinder existing security restrictions.

Source: https://community.cisco.com/t5/security-documents/acl/ta-p/3113522#toc-hId--767837352
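
The two answers in this thread, sequence-numbered editing for question 1 and a lock-and-key (dynamic) ACL for question 2, shown as an IOS configuration sketch. This is an added example, not configuration posted by anyone in the thread; the ACL names, username, interface, addresses and timeouts are assumptions chosen for illustration.

```cisco
! Constructed example: ACL names, users, interfaces and addresses are placeholders.
!
! --- Q1: edit one entry of a named ACL by sequence number ---
ip access-list extended EDGE-IN
 10 permit tcp any host 192.0.2.10 eq 443
 20 permit tcp any host 192.0.2.10 eq 23
 30 deny ip any any log
!
! Check the numbers first with "show ip access-lists EDGE-IN", then
! delete only entry 20 and insert a replacement between 10 and 30.
ip access-list extended EDGE-IN
 no 20
 25 permit tcp any host 192.0.2.10 eq 22
!
! Optional: renumber so gaps stay available (start 10, step 10).
ip access-list resequence EDGE-IN 10 10
!
! --- Q2: lock-and-key (dynamic) ACL ---
username remote1 secret <placeholder-password>
!
! Static entry: allow only the Telnet login to the router itself.
access-list 101 permit tcp any host 198.51.100.1 eq telnet
! Dynamic template: activated per user after successful authentication.
access-list 101 dynamic LOCKKEY timeout 15 permit ip any 192.0.2.0 0.0.0.255
!
interface GigabitEthernet0/0
 ip access-group 101 in
!
line vty 0 4
 login local
 ! "host" limits the temporary entry to the authenticated source address;
 ! "timeout 5" is the idle timeout, the ACL's "timeout 15" the absolute one.
 autocommand access-enable host timeout 5
```

With `autocommand` on every vty line, each session closes as soon as the temporary entry is created, so interactive management of the router needs a separate path such as the console or vty lines left without the autocommand.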