Extended ACL permit ip and allowed ports

mahesh18
Level 6

Hi everyone,

Need to confirm if we have extended ACL with object group below

access-list xy_access_in extended permit ip object-group xy_subnets object-group cisco_ynetworks

Will the above ACL allow all the ports on the destination object group?

Thanks

mahesh

2 Accepted Solutions


Jouni Forss
VIP Alumni

Hi,

The ACL rule by itself would mean that TCP/UDP traffic would be allowed on ANY destination or source port from the xy_subnets to cisco_ynetworks.

Do notice this very important fact when configuring ACLs:

If you have some ACL rule before this mentioned ACL rule in the mentioned ACL and it's set to block some ports and the rule's source/destination addresses apply to the source/destination networks in these "object-group" then it's possible that some ports get blocked even though this rule alone would allow them.

- Jouni

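Added example, not part of the original thread and not Cisco code: a small Python model of the top-down, first-match evaluation described in the answer above, run once with the `permit ip` rule alone and once with an earlier deny in front of it. The object-group addresses and the `deny tcp ... eq 23` rule are constructed for illustration, and the parser only understands the ACE shape used in this thread.

```python
import ipaddress

# Constructed object-group contents (assumed addresses, not from the thread)
GROUPS = {
    "xy_subnets": ["10.10.0.0/16"],
    "cisco_ynetworks": ["192.168.50.0/24"],
}

def parse_ace(line):
    """Parse: access-list NAME extended ACTION PROTO object-group SRC object-group DST [eq PORT]"""
    t = line.split()
    ace = {"action": t[3], "proto": t[4], "src": t[6], "dst": t[8], "port": None}
    if len(t) > 10 and t[9] == "eq":
        ace["port"] = int(t[10])
    return ace

def in_group(ip, group):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in GROUPS[group])

def matches(ace, proto, src, dst, dport):
    # The "ip" keyword matches any IP protocol; tcp/udp match only themselves
    if ace["proto"] not in ("ip", proto):
        return False
    if not (in_group(src, ace["src"]) and in_group(dst, ace["dst"])):
        return False
    return ace["port"] is None or ace["port"] == dport

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return (action, line number) of the first matching ACE, top down."""
    for n, line in enumerate(acl_lines, 1):
        ace = parse_ace(line)
        if matches(ace, proto, src, dst, dport):
            return ace["action"], n
    return "deny", None  # implicit deny at the end of every ACL

PERMIT_IP = ("access-list xy_access_in extended permit ip "
             "object-group xy_subnets object-group cisco_ynetworks")
# Constructed earlier rule that blocks one port between the same groups
DENY_TELNET = ("access-list xy_access_in extended deny tcp "
               "object-group xy_subnets object-group cisco_ynetworks eq 23")

ALONE = [PERMIT_IP]                 # the rule from the question by itself
SHADOWED = [DENY_TELNET, PERMIT_IP] # same rule with a deny placed before it

if __name__ == "__main__":
    for acl in (ALONE, SHADOWED):
        for port in (23, 443):
            print(port, evaluate(acl, "tcp", "10.10.1.5", "192.168.50.10", port))
```

With `ALONE`, every port between the two groups hits the permit on line 1; with `SHADOWED`, TCP/23 is denied on line 1 before the permit on line 2 is ever reached.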