
Route-Map Access-list !!!

shassan655
Level 1

Hello,

I am creating the following route-maps. I am sure my understanding is correct, but wanted to be very sure.

I am creating the following route-maps.

route-map Router1_to_Router2export permit

match ip address Router1_to_Router2

ip access-list standard Router1_to_Router1

permit 192.168.0.0 0.0.0.255

So in the above I am only sending from Router # 1 to Router # 2 192.168.0.0/24 and nothing else. So after the permit statement it will automatically have deny any any...So far right..

Now if I leave "ip access-list standard Router1_to_Router1" blank like this ...then it means send everything or permit any ...Right so far...kindly confirm I will appreciate...

Thanks

ip access-list standard Router1_to_Router1


John Blakley
VIP Alumni

If I understand your question, when you create an acl with a "blank" entry, then it's going to deny anything and everything.

--John

HTH, John *** Please rate all useful posts ***

The behavior when you assign an access list to an interface and the access list is empty changed. The old behavior was as John describes it and everything was denied (it enforced the implicit deny any at the bottom). Quite a while ago the behavior changed and now if you apply an empty (blank) access list to an interface it will permit everything. I assume that the behavior is the same in the route map.

HTH


Rick

I didn't realize they changed it. :-) I remember doing that by accident one day and all of my traffic came to a halt outbound.

Thanks Rick!

John

HTH, John *** Please rate all useful posts ***

John

No problem. You would think that the old behavior (deny everything) was more logically consistent. I am guessing that enough people made that mistake that Cisco changed and helps protect us from that error.

HTH


Rick

Hello,

So in my scenario, if I have an access-list and nothing is defined under it, then in my understanding it's all PERMIT. But if the access-list has even 1 permit statement under it and that access-list is under the Route-map then only that permit statement will be allowed and everything else will be denied...Right...as per my question above..

Thanks...

Syed

I believe that you are correct. If the access list is empty then everything is permitted. As soon as there is the first statement in the access list then there is the implicit deny any at the bottom that will deny anything that is not permitted.

HTH


Rick

Rick...thanks so much ....appreciate it.

Syed

I am glad that the responses from John and me were helpful. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that there were responses which did resolve the question.

The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH


Rick