default rule for an applied access list

Unanswered Question
Mar 1st, 2007


I wonder what is the default rule when there is no access list created but the access list is created to the interface.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
smothuku Thu, 03/01/2007 - 00:14

Hi Christina ,

Applying access-list to interface without access-list is no use.

It doesn't have any impact.



Richard Burts Thu, 03/01/2007 - 04:44


If ip access-group is configured on an interface but the access list referred to does not exist, there are some old versions of IOS that would enforce the default deny any. But it has been the action of IOS for a long time that if the access list does not exist to permit any.

Be aware that as soon as the access list exists with a single statement that there is also the default deny any. This may become an issue if you are doing maintenance on an access list and have removed it so you can rebuild it. When you remove it, the action becomes permit any. But when you add the first statement to rebuild it there is a deny any at the end of the access list.




This Discussion