
Access List for router

If I write an Extended or Standard ACL on a router, with 5 lines including deny or permit ip traffic, and I forget to write permit ip any any at the end of the ACL, will it assign deny ip any any as the default command at the end of the ACL, or permit ip any any as the default command?

In a firewall, the default at the end of the ACL is deny ip any any. What is the default in the case of a router? Thank you.

3 Replies

Hitesh Vinzoda
Level 4

It doesn't matter whether it is a router, switch or firewall, whenever you create an ACL there is always an implicit "deny ip any any" at the end.

Even if you add permit ip any any at the end of the ACL, there will be an implicit deny ip any any following it.

HTH

H Vinzoda

Peter Paluch
Cisco Employee

Hello Santhoshkumar,

At the end of every ACL, be it on a router, firewall or a switch manufactured by Cisco, there is an implicit (invisible) deny any clause. This is simply how the ACLs are implemented throughout the Cisco product portfolio. Any ACL is by default of the form "everything that is not permitted explicitly will be dropped implicitly".

Best regards,

Peter

Wouter Prins
Level 1

Hi sanvaishu,

The default is implicit deny for ACLs no matter what type they are. One of the reasons why you would want to add a deny any any would be for a 'log' statement, so you can actually see what's being dropped.
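
The first-match behaviour described in the replies above, as an added example that is not part of the original thread and not Cisco code: a simplified Python model that matches on source and destination address only. The `Ace`, `Verdict` and `evaluate` names and the sample ACLs are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Ace(NamedTuple):
    action: str        # "permit" or "deny"
    src: str           # source network in CIDR form ("0.0.0.0/0" models "any")
    dst: str           # destination network in CIDR form
    log: bool = False  # models the 'log' keyword on an entry

class Verdict(NamedTuple):
    action: str
    matched: Optional[int]  # index of the matching entry; None = implicit deny
    logged: bool            # True only if the matching entry carries 'log'

def evaluate(acl, src_ip, dst_ip):
    """Return the verdict of the first matching entry, else the implicit deny."""
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    for i, ace in enumerate(acl):
        if s in ipaddress.ip_network(ace.src) and d in ipaddress.ip_network(ace.dst):
            return Verdict(ace.action, i, ace.log)
    # No entry matched: the invisible deny applies, and it never logs.
    return Verdict("deny", None, False)

ANY = "0.0.0.0/0"

# Constructed sample ACLs (documentation address ranges).
ACL_NO_TAIL = [
    Ace("deny", "192.0.2.0/24", ANY),
    Ace("permit", "198.51.100.0/24", "203.0.113.0/24"),
]
# A trailing permit catches everything, so the implicit deny is never reached.
ACL_PERMIT_TAIL = ACL_NO_TAIL + [Ace("permit", ANY, ANY)]
# An explicit trailing deny with 'log' drops the same traffic, but visibly.
ACL_LOGGED_DENY_TAIL = ACL_NO_TAIL + [Ace("deny", ANY, ANY, log=True)]

if __name__ == "__main__":
    packet = ("10.1.1.1", "203.0.113.5")  # matches none of the specific entries
    for name, acl in [("no tail", ACL_NO_TAIL),
                      ("permit tail", ACL_PERMIT_TAIL),
                      ("logged deny tail", ACL_LOGGED_DENY_TAIL)]:
        print(name, evaluate(acl, *packet))
```
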
