Solved: Re: dap network filter and access-group acl

gdspa · ‎08-17-2010

I have this situation:

- dap with a network acl A

- access-group on the outside interface that applies acl B.

If acl A permits traffic but acl B denies it, traffic is denied.

If acl A denies traffic and acl B permits it, traffic is denied.

I would like to permit traffic with acl A even if it is denied by acl B. Is it possible?

Is always acl B applied to the traffic coming from the outside interface even if I apply other acls with dap?

Shilpa Shree Settikere Nanjundappa · ‎09-03-2010

The syntax for applying an access-group on an interface is as follows:
hostname(config)# access-group access_list_name {in | out} interface interface_name [per-user-override]

The per-user-override keyword allows dynamic access lists that are downloaded for user authorization to override the access list assigned to the interface.

Hope this helps.

View solution in original post

Shilpa Shree Settikere Nanjundappa · ‎09-03-2010

The syntax for applying an access-group on an interface is as follows:
hostname(config)# access-group access_list_name {in | out} interface interface_name [per-user-override]

The per-user-override keyword allows dynamic access lists that are downloaded for user authorization to override the access list assigned to the interface.

Hope this helps.