04-26-2016 08:35 PM - edited 03-05-2019 03:54 AM
hello guys, if I already have an standard ACL applied to an interface. Is it still possible to create an extended ACL and apply it to the same interface?
Thank you.
Solved! Go to Solution.
04-26-2016 10:38 PM
Hi,
you can have only one ACL on interface in each direction.
But you can rewrite standard ACL into extended ACL.
Only difference is that standard ACl checks only source address and extended ACL checks source and destination address too.
So if you have standard ACL record
permit 10.1.1.0 0.0.0.255
the equivalent for extended ACL will be
permit ip 10.1.1.0 0.0.0.255 any
Then you can apply extended ACL on interface instead of standard ACL.
04-26-2016 10:38 PM
Hi,
you can have only one ACL on interface in each direction.
But you can rewrite standard ACL into extended ACL.
Only difference is that standard ACl checks only source address and extended ACL checks source and destination address too.
So if you have standard ACL record
permit 10.1.1.0 0.0.0.255
the equivalent for extended ACL will be
permit ip 10.1.1.0 0.0.0.255 any
Then you can apply extended ACL on interface instead of standard ACL.
05-04-2016 11:01 PM
Thanks Milos. :)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide