weird question about ACL

Hi,

ACL is created to match conditions

Ex with standard ACL: access-list 1 permit 10.0.0.0 0.255.255.255

There is implicit deny at the end

So when IP 10.1.1.1.1 comes => ACL matches for this IP

When IP 9.1.1.1 comes => ACL doesn't match for this IP

 

Suppose you explicitly add the implicit deny as ACE n°2: access-list deny any

Q1) Does the IOS always add the implicit deny, even in this case?

Q2) In this case, 9.1.1.1 matches ACE n°2 (before the implicit deny, if it exists). So, may we consider that the ACL matches for this IP?

 

Sorry if it is a weird question, but I had to be very clear with these concepts

Regards

 

1 Reply

luis_cordova
VIP Alumni

Hi @dominique.rossignol,

 

Q1: Yes, regardless of what you indicate in the ACEs, the IOS will place an implicit deny at the end of the ACL.

Q2: Yes, ACE n2 will match that IP, but it will also match all the other IPs that arrive at the interface with the applied ACL.

 

Regards
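
The two cases discussed in this thread, as an added example (not part of either post and not Cisco code): a small Python model of standard-ACL first-match evaluation with wildcard masks, reporting which ACE decided the packet. The names `parse_ace` and `evaluate` are hypothetical, and the second ACE is written as `access-list 1 deny any`, assuming ACL number 1.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list <n> permit|deny <addr> [<wildcard>]', 'host <addr>' or 'any'."""
    tok = line.split()
    action, src = tok[2], tok[3]
    if src == "any":
        return action, 0, 0xFFFFFFFF          # every bit is "don't care"
    if src == "host":
        return action, int(ipaddress.IPv4Address(tok[4])), 0
    addr = int(ipaddress.IPv4Address(src))
    wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
    return action, addr, wild

def evaluate(acl_lines, src_ip):
    """Return (action, ace_number); ace_number is None when only the
    implicit deny at the end of the list decided the packet."""
    ip = int(ipaddress.IPv4Address(src_ip))
    for number, line in enumerate(acl_lines, start=1):
        action, addr, wild = parse_ace(line)
        # Wildcard bits set to 1 are ignored; only the 0 bits must be equal.
        if (ip | wild) == (addr | wild):
            return action, number             # first match wins, evaluation stops
    return "deny", None                       # no ACE matched: implicit deny

# Constructed ACLs: the one from the question, then the same with an explicit deny.
ACL_A = ["access-list 1 permit 10.0.0.0 0.255.255.255"]
ACL_B = ACL_A + ["access-list 1 deny any"]    # ACL number 1 is an assumption

if __name__ == "__main__":
    for name, acl in (("A", ACL_A), ("B", ACL_B)):
        for ip in ("10.1.1.1", "9.1.1.1"):
            action, ace = evaluate(acl, ip)
            via = f"ACE {ace}" if ace else "implicit deny"
            print(f"ACL {name}: {ip:<9} -> {action:<6} ({via})")
```

In both lists 9.1.1.1 is dropped; the difference is only whether an explicit ACE or the implicit deny is what decided it.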
