Re: Empty Access List

pushkar1782 · ‎09-29-2006

Dear all ,

I wonder what would an empty access list on a cisco router behave like , I know if there is any statement in it and all other is implicit deny , but what if we dont write anything in it ..

Eg :

(Conf)# ip access-list {extended|standard} "name"

---- Go to interface s0/0 ----

ip access-group "name" out

Notice there is no statement inside the named access list , Will implicitly deny rule apply to this case or not ..

appreciate you reply

Prs

scottmac · ‎09-29-2006

If you create an access list and apply it (with an access-group), the implicit deny is active.

Simply creating an access-list has no effect. Once you apply it, it's active, empty or not.

Good Luck

Scott

rajinikanth · ‎09-29-2006

Hi,

An interface with an empty access list applied to it permits all traffic.

HTH,

Thanks

Raj

juanfaure · ‎11-02-2022

Hi, what happen if you applied a not created access-list to an interface? Does it Allow all the traffic?

Richard Burts · ‎11-02-2022

The behavior for access-class when the specified access list is empty (or does not exist) has changed over time. In some (quite early) versions of IOS the default behavior was followed and all traffic was denied. In most versions of IOS (in its various flavors) has been that an empty (or non existent) access list results in all traffic being permitted.

HTH

Rick