11-10-2008 10:42 AM - edited 03-04-2019 12:16 AM
Hello,
I am creating the following route-maps. I am sure my understanding is correct, but wanted to be very sure.
I am creating the following route-maps.
route-map Router1_to_Router2export permit
 match ip address Router1_to_Router2
ip access-list standard Router1_to_Router1
 permit 192.168.0.0 0.0.0.255
So in the above I am only sending from Router # 1 to Router # 2 192.168.0.0/24 and nothing else. So after the permit statement it will automatically have deny any any... So far right?
Now if I leave "ip access-list standard Router1_to_Router1" blank like this... then it means send everything or permit any... Right so far? Kindly confirm, I will appreciate it.
Thanks
ip access-list standard Router1_to_Router1
11-10-2008 11:01 AM
If I understand your question, when you create an acl with a "blank" entry, then it's going to deny anything and everything.
--John
11-10-2008 11:23 AM
The behavior when you assign an access list to an interface and the access list is empty changed. The old behavior was as John describes it and everything was denied (it enforced the implicit deny any at the bottom). Quite a while ago the behavior changed and now if you apply an empty (blank) access list to an interface it will permit everything. I assume that the behavior is the same in the route map.
HTH
Rick
11-10-2008 11:25 AM
I didn't realize they changed it. :-) I remember doing that by accident one day and all of my traffic came to a halt outbound.
Thanks Rick!
John
11-10-2008 11:30 AM
John
No problem. You would think that the old behavior (deny everything) was more logically consistent. I am guessing that enough people made that mistake that Cisco changed and helps protect us from that error.
HTH
Rick
11-10-2008 11:29 AM
Hello,
So in my scenario, if I have an access-list and nothing is defined under it, then in my understanding it's all PERMIT. But if the access-list has even 1 permit statement under it and that access-list is under the route-map, then only that permit statement will be allowed and everything else will be denied... Right? As per my question above.
Thanks.
11-10-2008 11:33 AM
Syed
I believe that you are correct. If the access list is empty then everything is permitted. As soon as there is the first statement in the access list then there is the implicit deny any at the bottom that will deny anything that is not permitted.
HTH
Rick
11-10-2008 11:34 AM
Rick... thanks so much... appreciate it.
11-10-2008 11:51 AM
Syed
I am glad that the responses from John and me were helpful. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that there were responses which did resolve the question.
The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.
HTH
Rick
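A configuration check for the case discussed in this thread, added here as an example and not posted by any participant: it scans an indented IOS-style config for route-maps whose `match ip address` names an ACL that has no entries, or that is never defined (treated here like an empty one, which is an assumption of this example). The sample config is constructed; it reuses the names from the question, where the route-map refers to `Router1_to_Router2` while the ACL is defined as `Router1_to_Router1`, and `Branch_export` / `Branch_nets` are hypothetical names. Only named ACLs are handled.

```python
import re

# Constructed sample: the first route-map/ACL pair uses the names from the question,
# the Branch_* pair is hypothetical. Sequence numbers are added for completeness.
SAMPLE_CONFIG = """\
route-map Router1_to_Router2export permit 10
 match ip address Router1_to_Router2
ip access-list standard Router1_to_Router1
 permit 192.168.0.0 0.0.0.255
route-map Branch_export permit 10
 match ip address Branch_nets
ip access-list standard Branch_nets
"""

def audit_route_map_acls(config):
    """Return {route_map: [(acl, problem), ...]} for ACLs that filter nothing."""
    acl_entries = {}   # named ACL -> number of permit/deny entries seen
    references = []    # (route-map name, ACL name) pairs
    current_acl = current_map = None
    for line in config.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("!"):
            continue
        if not line[0].isspace():            # top-level command opens a new context
            current_acl = current_map = None
            m = re.match(r"ip access-list (?:standard|extended) (\S+)", stripped)
            if m:
                current_acl = m.group(1)
                acl_entries.setdefault(current_acl, 0)
            m = re.match(r"route-map (\S+)", stripped)
            if m:
                current_map = m.group(1)
        elif current_acl and re.match(r"(\d+\s+)?(permit|deny)\b", stripped):
            acl_entries[current_acl] += 1    # remarks are deliberately not counted
        elif current_map and stripped.startswith("match ip address "):
            names = stripped.split()[3:]
            if names and names[0] != "prefix-list":   # prefix-lists are out of scope
                references += [(current_map, n) for n in names if not n.isdigit()]
    findings = {}
    for rmap, acl in references:
        if acl not in acl_entries:
            findings.setdefault(rmap, []).append((acl, "undefined"))
        elif acl_entries[acl] == 0:
            findings.setdefault(rmap, []).append((acl, "empty"))
    return findings

if __name__ == "__main__":
    for rmap, problems in audit_route_map_acls(SAMPLE_CONFIG).items():
        print(rmap, problems)
```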