
ACL Standard in

chrissnop
Level 1

Hi guys, standard ACL is 1 - 99.

If I create two ACLs, number 1 and 2, does it mean that only one of them will be active or will be processed?

What I mean is:

int g0/0
 ip access-group 1 in
!
ip access-list standard 1
 deny x.x.x.x
 ..... some more IPs

Then I have another acl

int g0/0
 ip access-group 2 in
!
ip access-list standard 2
 deny y.y.y.y
 ..... some more IPs

The two ACLs 1 and 2 are applied to int g0/0, direction is 'in'.

Will both ACLs be processed, or only the newest one that was created and applied?

Thanks for any input.

Accepted Solution

johnlloyd_13
Level 9

Hi,

There's a violation in your setup.

There's a rule of thumb which applies to ACLs:

only one rule per protocol, per direction, per interface.
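The rule above is worth seeing in action, because the failure mode is silent: the second `ip access-group ... in` does not error out, it displaces the first ACL, and the deny entries in the displaced list stop applying without any warning. The Python model below is an added example, not code from the thread or from Cisco. It assumes the documented IOS behaviour (one ACL per protocol and direction on an interface, entries evaluated top-down with the first match winning, implicit deny at the end) and uses documentation addresses 192.0.2.10 and 198.51.100.20 in place of x.x.x.x and y.y.y.y; the class and function names are mine.

```python
"""Toy model of IOS standard ACL binding and evaluation (added example).

Modelled facts: an interface holds one ACL per protocol and direction, so a
second `ip access-group ... in` replaces the first; entries are evaluated
top-down, first match wins; every ACL ends with an implicit deny.
Addresses are made-up documentation ranges standing in for x.x.x.x / y.y.y.y.
"""
from ipaddress import IPv4Address, IPv4Network


def wc_to_net(addr: str, wildcard: str = "0.0.0.0") -> IPv4Network:
    """IOS wildcard mask -> network. 0.0.0.0 means a host, 255.255.255.255 means any.
    Non-contiguous wildcards are not supported by this model and raise ValueError."""
    mask = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return IPv4Network((addr, str(IPv4Address(mask))), strict=False)


class StandardAcl:
    def __init__(self, number: int):
        self.number = number
        self.entries = []  # (action, network) in configured order

    def add(self, action: str, addr: str, wildcard: str = "0.0.0.0"):
        self.entries.append((action, wc_to_net(addr, wildcard)))

    def evaluate(self, src: str) -> str:
        ip = IPv4Address(src)
        for action, net in self.entries:
            if ip in net:
                return action  # first match wins
        return "deny"          # implicit deny any at the end of every ACL


class Interface:
    """One inbound slot, mirroring `ip access-group <n> in` on a routed port."""

    def __init__(self, name: str):
        self.name = name
        self.inbound = None

    def access_group_in(self, acl: StandardAcl):
        """Bind acl inbound; return the ACL it displaced (None if the slot was empty)."""
        displaced = self.inbound
        self.inbound = acl
        return displaced

    def filter_in(self, src: str) -> str:
        return "permit" if self.inbound is None else self.inbound.evaluate(src)


def thread_scenario() -> dict:
    """Reproduce the question: ACL 1, then ACL 2, both applied 'in' on g0/0."""
    acl1 = StandardAcl(1)
    acl1.add("deny", "192.0.2.10")                     # stands in for x.x.x.x
    acl1.add("permit", "0.0.0.0", "255.255.255.255")   # permit any
    acl2 = StandardAcl(2)
    acl2.add("deny", "198.51.100.20")                  # stands in for y.y.y.y
    acl2.add("permit", "0.0.0.0", "255.255.255.255")

    g0 = Interface("g0/0")
    g0.access_group_in(acl1)
    displaced = g0.access_group_in(acl2)  # second bind silently replaces the first

    result = {
        "displaced_acl": displaced.number,
        "active_acl": g0.inbound.number,
        "x_blocked_with_two_binds": g0.filter_in("192.0.2.10") == "deny",
        "y_blocked_with_two_binds": g0.filter_in("198.51.100.20") == "deny",
    }

    # The fix: one ACL carrying every deny, followed by permit any.
    merged = StandardAcl(10)
    merged.add("deny", "192.0.2.10")
    merged.add("deny", "198.51.100.20")
    merged.add("permit", "0.0.0.0", "255.255.255.255")
    g0.access_group_in(merged)
    result["x_blocked_merged"] = g0.filter_in("192.0.2.10") == "deny"
    result["y_blocked_merged"] = g0.filter_in("198.51.100.20") == "deny"
    result["other_permitted_merged"] = g0.filter_in("203.0.113.5") == "permit"
    return result


if __name__ == "__main__":
    for k, v in thread_scenario().items():
        print(f"{k}: {v}")
```

Running `thread_scenario()` shows ACL 1 is displaced the moment ACL 2 is bound, so x.x.x.x is no longer blocked; the merged list is the fix. Two practical checks on a real box: `show ip interface g0/0` reports the single inbound access list that is actually in force, and `show access-lists` counters for the displaced list stop incrementing. Note also that the lists in the question contain only deny entries; because of the implicit deny at the end, such a list blocks all inbound traffic, which is why the model ends each list with `permit any`.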


Thanks, Johnlloyd. :)

Hi guys, extremely sorry for hijacking this thread, but it won't let me create a new discussion :-/

I wonder if someone can point me in the right direction. I'm setting up a lab with a more complex setup and am having issues I believe I've isolated to access list configuration on a VPN concentrator.

Would a duplication of access rules prevent connection to a host? Here is the config I've put together; further information below:

Extended IP access list 2664
    10 permit ip 10.56.0.0 0.0.255.255 172.16.138.10 0.0.0.7 (62583 matches)
    20 permit ip 10.57.0.0 0.0.255.255 172.16.138.10 0.0.0.7
    30 permit ip 10.148.4.0 0.0.0.255 172.16.138.10 0.0.0.7 (7990 matches)
    40 permit ip 10.148.5.0 0.0.0.255 172.16.138.10 0.0.0.7 (5111 matches)
    50 permit ip 10.148.6.0 0.0.0.255 172.16.138.10 0.0.0.7
    60 permit ip 10.148.1.0 0.0.0.255 172.16.138.10 0.0.0.7 (8 matches)
    70 permit ip 10.148.4.0 0.0.0.255 172.16.166.20 0.0.0.7 (216 matches)
    80 permit ip 10.148.5.0 0.0.0.255 172.16.166.20 0.0.0.7 (87 matches)
    90 permit ip 10.148.6.0 0.0.0.255 172.16.166.20 0.0.0.7
    100 permit ip 10.148.1.0 0.0.0.255 172.16.166.20 0.0.0.7
Extended IP access list 2665
    10 permit ip 10.56.0.0 0.0.255.255 172.16.166.20 0.0.0.7 (731093 matches)
    20 permit ip 10.57.0.0 0.0.255.255 172.16.166.20 0.0.0.7
    30 permit ip 10.148.4.0 0.0.0.255 172.16.138.10 0.0.0.7
    40 permit ip 10.148.5.0 0.0.0.255 172.16.138.10 0.0.0.7
    50 permit ip 10.148.6.0 0.0.0.255 172.16.138.10 0.0.0.7
    60 permit ip 10.148.1.0 0.0.0.255 172.16.138.10 0.0.0.7
    70 permit ip 10.148.4.0 0.0.0.255 172.16.166.20 0.0.0.7
    80 permit ip 10.148.5.0 0.0.0.255 172.16.166.20 0.0.0.7
    90 permit ip 10.148.6.0 0.0.0.255 172.16.166.20 0.0.0.7
    100 permit ip 10.148.1.0 0.0.0.255 172.16.166.20 0.0.0.7

So, the two hosts I'm trying to connect to are 172.16.166.20 and 172.16.138.10.

The subnets 10.56 and 10.57 can connect absolutely fine, which is why I'm thinking that by duplicating the permit rules for 10.148.4.0, 10.148.5.0, 10.148.6.0 and 10.148.1.0 in both access lists, I'm somehow stopping this from working.

Assistance would be greatly appreciated.
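The duplication hypothesis can be checked mechanically rather than by eye. The Python below is an added example, not code from the thread or from any vendor tool. It parses the `show access-lists` style listing quoted above (copied into SHOW_ACL as the sample input), converts each address/wildcard pair to a network, and lists every flow that is claimed by entries in both ACLs together with each entry's hit counter. It handles only the `<seq> permit|deny ip <src-spec> <dst-spec> [(N matches)]` entry form, with `any`, `host A` and `A WILDCARD` as address specs; port-specific entries are ignored and non-contiguous wildcards raise. Function names and the report format are mine.

```python
"""Cross-ACL overlap check over `show access-lists` output (added example).

Finds flows (source range, destination range) that entries in two different
extended IP ACLs both match, and shows both entries' match counters.
Scope: `<seq> permit|deny ip <src-spec> <dst-spec> [(N matches)]` lines only.
"""
import re
from ipaddress import IPv4Address, IPv4Network

# Sample input: the two listings from the post above.
SHOW_ACL = """\
Extended IP access list 2664
    10 permit ip 10.56.0.0 0.0.255.255 172.16.138.10 0.0.0.7 (62583 matches)
    20 permit ip 10.57.0.0 0.0.255.255 172.16.138.10 0.0.0.7
    30 permit ip 10.148.4.0 0.0.0.255 172.16.138.10 0.0.0.7 (7990 matches)
    40 permit ip 10.148.5.0 0.0.0.255 172.16.138.10 0.0.0.7 (5111 matches)
    50 permit ip 10.148.6.0 0.0.0.255 172.16.138.10 0.0.0.7
    60 permit ip 10.148.1.0 0.0.0.255 172.16.138.10 0.0.0.7 (8 matches)
    70 permit ip 10.148.4.0 0.0.0.255 172.16.166.20 0.0.0.7 (216 matches)
    80 permit ip 10.148.5.0 0.0.0.255 172.16.166.20 0.0.0.7 (87 matches)
    90 permit ip 10.148.6.0 0.0.0.255 172.16.166.20 0.0.0.7
    100 permit ip 10.148.1.0 0.0.0.255 172.16.166.20 0.0.0.7
Extended IP access list 2665
    10 permit ip 10.56.0.0 0.0.255.255 172.16.166.20 0.0.0.7 (731093 matches)
    20 permit ip 10.57.0.0 0.0.255.255 172.16.166.20 0.0.0.7
    30 permit ip 10.148.4.0 0.0.0.255 172.16.138.10 0.0.0.7
    40 permit ip 10.148.5.0 0.0.0.255 172.16.138.10 0.0.0.7
    50 permit ip 10.148.6.0 0.0.0.255 172.16.138.10 0.0.0.7
    60 permit ip 10.148.1.0 0.0.0.255 172.16.138.10 0.0.0.7
    70 permit ip 10.148.4.0 0.0.0.255 172.16.166.20 0.0.0.7
    80 permit ip 10.148.5.0 0.0.0.255 172.16.166.20 0.0.0.7
    90 permit ip 10.148.6.0 0.0.0.255 172.16.166.20 0.0.0.7
    100 permit ip 10.148.1.0 0.0.0.255 172.16.166.20 0.0.0.7
"""

HEADER = re.compile(r"^Extended IP access list (\S+)\s*$")
ENTRY = re.compile(r"^\s*(\d+) (permit|deny) ip (.+?)(?: \((\d+) matches\))?\s*$")


def wc_to_net(addr, wildcard):
    """IOS wildcard -> network: the netmask is the inverted wildcard."""
    mask = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return IPv4Network((addr, str(IPv4Address(mask))), strict=False)


def _take_spec(tokens):
    """Consume one address spec ('any' | 'host A' | 'A WILDCARD') from tokens."""
    t = tokens.pop(0)
    if t == "any":
        return IPv4Network("0.0.0.0/0")
    if t == "host":
        return IPv4Network(tokens.pop(0) + "/32")
    return wc_to_net(t, tokens.pop(0))


def parse_show_access_lists(text):
    """Return {acl_name: [entry dict, ...]} with entries in listed order."""
    acls, current = {}, None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            current = h.group(1)
            acls[current] = []
            continue
        e = ENTRY.match(line)
        if e and current is not None:
            seq, action, rest, matches = e.groups()
            tokens = rest.split()
            src = _take_spec(tokens)
            dst = _take_spec(tokens)
            acls[current].append({"seq": int(seq), "action": action,
                                  "src": src, "dst": dst,
                                  "matches": int(matches or 0)})
    return acls


def cross_acl_overlaps(acls):
    """(acl_a, entry_a, acl_b, entry_b) for entries in different ACLs whose
    source ranges overlap and whose destination ranges overlap."""
    names = sorted(acls)
    hits = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for ea in acls[a]:
                for eb in acls[b]:
                    if ea["src"].overlaps(eb["src"]) and ea["dst"].overlaps(eb["dst"]):
                        hits.append((a, ea, b, eb))
    return hits


def report(text):
    """One line per overlapping pair, showing both sequence numbers and counters."""
    rows = []
    for a, ea, b, eb in cross_acl_overlaps(parse_show_access_lists(text)):
        rows.append(f"{ea['src']} -> {ea['dst']}: "
                    f"{a} seq {ea['seq']} ({ea['matches']} matches) vs "
                    f"{b} seq {eb['seq']} ({eb['matches']} matches)")
    return rows


if __name__ == "__main__":
    print("\n".join(report(SHOW_ACL)))
```

On the listing above the report shows the eight 10.148.x flows that are defined in both 2664 and 2665, and the counters show that only the copies in 2664 have ever matched. Whether that explains the failure depends on what the two lists are bound to, which the post does not show. If they are crypto ACLs on separate crypto map entries, a flow is handed to the first entry (in sequence order) whose ACL matches it, so the second copy is never consulted; that is a general property of sequential first-match evaluation and an assumption about this lab, not something the listing alone proves.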