02-16-2010 10:46 PM - edited 03-11-2019 10:10 AM
Hello
I need some help about access lists. I understand it is being read from top to down but
I would like to confirm if someone has a reference or knowledge on how to organize
an access list with different protocols. What I meant is from top to down which protocols should be
at the top (example access-list inside line 1 permit tcp..... ) and how about the
access-list inside line 1 permit ICMP....
access-list inside line 1 permit udp....
source IP addresses, is it from broad (top) going to specific IP (down).
Thanks.
02-17-2010 12:44 AM
dantebarlizo wrote:
Hello
I need some help about access lists. I understand it is being read from top to down but
I would like to confirm if someone has a reference or knowledge on how to organize
an access list with different protocols. What I meant is from top to down which protocols should be
at the top (example access-list inside line 1 permit tcp..... ) and how about the
access-list inside line 1 permit ICMP....
access-list inside line 1 permit udp....
source IP addresses, is it from broad (top) going to specific IP (down).
Thanks.
Access-lists are indeed read from top to bottom, and as soon as a match is made in the access-list, processing stops and the action, permit or deny, is executed.
Because access-lists are read from top to bottom, the recommendation is to try and put the lines that will be matched the most at the top of the acl. This means that processing of the acl per packet will be less because the device will find a match sooner rather than later. Having said that, most devices are very good at processing acls so this is not something you should worry too much about.
Source IP addresses should be done specific nearer the top than broad. If you do it the other way round then there is the chance a match will be made on the broad entry when you wanted it on the specific.
Jon
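The first-match behaviour and the specific-before-broad advice in the answer above, as an added example that is not part of the original thread. It uses a simplified model (action, protocol, source network only), not real ASA syntax; the `Ace` type, the function names and the sample entries are all constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Ace(NamedTuple):
    """One ACL entry in a simplified model: action, protocol, source network."""
    action: str   # "permit" or "deny"
    proto: str    # "ip" (any protocol), "tcp", "udp" or "icmp"
    src: str      # source network in CIDR form

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    proto_ok = earlier.proto == "ip" or earlier.proto == later.proto
    return proto_ok and ipaddress.ip_network(later.src).subnet_of(
        ipaddress.ip_network(earlier.src))

def first_match(acl, proto, src_ip):
    """Return (index, action) of the first matching entry, top to bottom."""
    addr = ipaddress.ip_address(src_ip)
    for i, ace in enumerate(acl):
        if ace.proto in ("ip", proto) and addr in ipaddress.ip_network(ace.src):
            return i, ace.action
    return None, "deny"  # implicit deny when no entry matches

def shadowed(acl):
    """List (later, earlier, conflict) for entries that can never match."""
    found = []
    for j, later in enumerate(acl):
        for i in range(j):
            if covers(acl[i], later):
                # conflict=True means the hidden entry had the opposite action
                found.append((j, i, acl[i].action != later.action))
                break
    return found

# Constructed sample: the broad entry at the top hides the specific ones below.
BROAD_FIRST = [
    Ace("permit", "ip", "10.0.0.0/8"),
    Ace("deny", "tcp", "10.1.1.5/32"),
    Ace("permit", "udp", "10.2.0.0/16"),
]
# Same entries reordered with the specific sources nearer the top.
SPECIFIC_FIRST = [BROAD_FIRST[1], BROAD_FIRST[2], BROAD_FIRST[0]]

if __name__ == "__main__":
    for name, acl in (("broad first", BROAD_FIRST), ("specific first", SPECIFIC_FIRST)):
        print(name, first_match(acl, "tcp", "10.1.1.5"), shadowed(acl))
```

An entry reported with `conflict=True` is the case to review first: the intended deny (or permit) is silently overridden by the broader line above it.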