Solved: Re: At end of ACL, what means "inactive"?

jmaxwellUSAF · ‎12-22-2022

Hi.

ACE...

access-list ENTERPRISE_DMZ_IN extended permit ip host 172.16.1.1 host 172.16.1.5 inactive

At end of this ACL, what does the command "inactive" do?

Thank you!

MHM Cisco World · ‎12-23-2022

I run small lab
the R2 connect to OUT (0 level )
the R1 connect to IN (100 level)
you can see access-list with inactive disable the ACL and R2 can not ping R1 inside.
immediate after I remove inactive the R2 can ping R1.

View solution in original post

MHM Cisco World · ‎12-22-2022

meaning you add it and it inactive,
usually this keyword is add if you have new FW and you need to complete the config then active the ACL.

MHM Cisco World · ‎12-23-2022

I run small lab
the R2 connect to OUT (0 level )
the R1 connect to IN (100 level)
you can see access-list with inactive disable the ACL and R2 can not ping R1 inside.
immediate after I remove inactive the R2 can ping R1.

Kasun Bandara · ‎12-22-2022

i guess you are talking about config of ASA. this happens when you deactivate the ACL via ASDM or CLI. even that available in config, it will not actively do anything in operations.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB