03-02-2018 03:24 PM - edited 03-08-2019 02:06 PM
This is such a simple question but I can't find the simple answer!
Does an ACL need to be assigned to an interface (or VTY) in order for it to take effect?
For example, if I have the following in my global config:
access-list 2001 permit udp any eq bootps host 192.168.1.100
access-list 2001 permit tcp any host 192.168.1.100
access-list 2001 permit whatever whatever
and the above ACL 2001 is not assigned to an interface anywhere, does ACL 2001 have any effect at all?
03-02-2018 03:34 PM
Hi,
You have just prepared an access list; it will be ineffective until you apply it to an interface, something like this:
interface gi0/0/1
ip access-group 2001 out
Here is a good link that explains access lists better than I can.
https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfacls.pdf
03-02-2018 03:38 PM
Excellent, thanks for the answer.
03-02-2018 03:35 PM
If you cannot find any reference to the ACL in your configuration, it is safe to say it is not being used.
Worth noting ACLs can be used for things other than controlling traffic, but still it would be referenced somewhere in the configuration.
Jon
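As an added example (not from the thread or from Cisco), here is a small audit script in the spirit of Jon's advice: it parses an IOS-style running config, collects the ACLs that are defined, collects the ACLs that are referenced by the common apply commands, and reports the ones that are defined but never used (plus any reference to an ACL that has no definition, which is worth a look). The sample config and the list of reference commands it recognizes are assumptions; other commands can reference ACLs too, so extend REF_RE for your platform.

```python
import re

# Constructed sample config (not the poster's real device): ACL 2001 is
# defined but never applied, ACL 10 guards the VTY lines, MGMT-IN is on an
# interface, and SNMP-ACL is referenced without ever being defined.
SAMPLE_CONFIG = """\
access-list 2001 permit udp any eq bootps host 192.168.1.100
access-list 2001 permit tcp any host 192.168.1.100
access-list 10 permit 10.0.0.0 0.0.0.255
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny ip any any log
interface GigabitEthernet0/0/1
 ip access-group MGMT-IN in
line vty 0 4
 access-class 10 in
 access-class SNMP-ACL out
"""

# Definitions: numbered "access-list N ..." or named "ip access-list ... NAME".
DEFINE_RE = re.compile(
    r"^(?:access-list (\S+)|ip access-list (?:standard|extended) (\S+))(?=\s|$)",
    re.M,
)

# References: the apply commands this example knows about (assumption: a
# subset; add others used on your platform). "match ip address prefix-list"
# refers to a prefix list, not an ACL, so it is excluded.
REF_RE = re.compile(
    r"^\s*(?:ip access-group|access-class|distribute-list|match ip address)"
    r"\s+(?!prefix-list)(\S+)",
    re.M,
)


def audit_acls(config: str) -> dict:
    """Return defined, referenced, unreferenced and dangling ACL identifiers."""
    defined = {num or name for num, name in DEFINE_RE.findall(config)}
    referenced = set(REF_RE.findall(config))
    return {
        "defined": defined,
        "referenced": referenced,
        "unreferenced": defined - referenced,   # written but never applied
        "dangling": referenced - defined,       # applied but never written
    }


if __name__ == "__main__":
    report = audit_acls(SAMPLE_CONFIG)
    for key in ("unreferenced", "dangling"):
        print(f"{key}: {sorted(report[key]) or '-'}")
```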