
Very simple ACL question

mac1234
Level 1

This is such a simple question but I can't find the simple answer!

 

Does an ACL need to be assigned to an interface (or VTY) in order for it to take effect?

 

For example, if I have the following in my global config:

access-list 2001 permit udp any eq bootps host 192.168.1.100

access-list 2001 permit tcp any host 192.168.1.100

access-list 2001 permit whatever whatever

 

and the above ACL 2001 is not assigned to an interface anywhere, does ACL 2001 have any effect at all?

Accepted Solutions

acampbell
VIP Alumni

Hi,

You have just prepared an access list; it will be ineffective until you apply it to an interface, something like this:

 

interface gi0/0/1

ip access-group 2001 out

 

Here is a good link that explains access lists better than I can.

 

https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfacls.pdf

 

 

Regards, Alex. Please rate useful posts.


Excellent, thanks for the answer.

Jon Marshall
Hall of Fame

 

If you cannot find any reference to the acl in your configuration it is safe to say it is not being used. 

 

Worth noting acls can be used for things other than controlling traffic but still it would be referenced somewhere in the configuration. 

 

Jon
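
An added example (not part of the thread and not Cisco tooling) of the check described above: it lists every ACL defined in a saved configuration together with the non-ACL lines that mention it, so an ACL with no reference stands out. The sample configuration is constructed, and matching by whole token is an assumption that can over-report use when an ACL number coincides with an unrelated number.

```python
import re

# Constructed sample configuration (not from the thread); ACL 2001 mirrors the question.
SAMPLE_CONFIG = """\
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 2001 permit udp any eq bootps host 192.168.1.100
access-list 2001 permit tcp any host 192.168.1.100
access-list 2002 permit tcp any host 192.168.1.101
ip access-list extended MGMT-IN
 permit tcp 192.168.1.0 0.0.0.255 any eq 22
ip access-list extended OLD-RULES
 permit ip any any
interface GigabitEthernet0/0/1
 ip access-group 2002 out
interface GigabitEthernet0/0/2
 ip access-group MGMT-IN in
line vty 0 4
 access-class 10 in
"""

NUMBERED = re.compile(r"^access-list\s+(\d+)\s")
NAMED = re.compile(r"^ip access-list\s+(?:standard|extended)\s+(\S+)")

def acl_references(config_text):
    """Map each defined ACL to the non-ACL config lines that mention it."""
    defined, other_lines, in_named_acl = [], [], False
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        named = NAMED.match(line)
        match = named or NUMBERED.match(line)
        if match:
            if match.group(1) not in defined:
                defined.append(match.group(1))
            in_named_acl = bool(named)
            continue
        if in_named_acl and line[0].isspace():
            continue  # entry inside a named ACL, not a reference
        in_named_acl = False
        other_lines.append(line.strip())
    # Whole-token match: may over-report use if a number appears for another reason.
    return {acl: [l for l in other_lines if acl in l.split()] for acl in defined}

def unreferenced(config_text):
    """Return the ACLs that no other configuration line mentions."""
    return [acl for acl, refs in acl_references(config_text).items() if not refs]

if __name__ == "__main__":
    for acl, refs in acl_references(SAMPLE_CONFIG).items():
        print(acl, "->", refs or "NOT REFERENCED")
```

An ACL reported here as unreferenced is inert; one reported as referenced still needs a look at the referencing line to see what it is used for.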
