Solved: 8.3 Global Access Policy Question

justintime · ‎04-13-2010

Per the release notes:

If the configuration specifies both a global access policy and interface-specific access policies, the interface-specific policies are evaluated before the global policy.

How does this work with the implicit deny rules on an interface? I'm assuming that it evalutes all the user-defined access rules on the interface, but doesn't run it through the implicit deny all on the interface, then runs it through the global policy. If nothing matches in the global scope, then an implicit deny is matched at the end of the global policy - is this correct?

Panos Kampanakis · ‎04-13-2010

You are correct.

There is not implicit deny on the interface ACL if there is a global ACL defined.

I hope it helps.

PK

View solution in original post

Panos Kampanakis · ‎04-13-2010

You are correct.

There is not implicit deny on the interface ACL if there is a global ACL defined.

I hope it helps.

PK

justintime · ‎04-14-2010

Excellent - my testing looked like that was the case, but I just wanted confirmation. Thanks so much.