Cisco Support Community
New Member

acl

Hi! If I add a permit ip any any command at the bottom, below a list of permit ACL commands, will the final result still be deny all for those IPs not in the permit list above the permit ip any any command?

Accepted Solutions
Hall of Fame Super Blue

Re: acl

Hi

If you add a permit ip any any at the bottom of your acl and all you have are other "permit" statements above it then in effect you may as well not apply the access-list because you are not stopping any traffic.

There is an implicit deny ip any any at the end of an access-list, but if you put "permit ip any any" at the end then you never get to the "deny" statement.

HTH

Jon

Re: acl

No, if you have a load of permits followed by permit ip any any, the net result is to permit anything at all.

Kevin Dorrell

Luxembourg

6 REPLIES
New Member

Re: acl

Hi! How about if I have a list of the following statements? Will the implicit deny still take effect? Will the router block any TCP, ICMP traffic in this case?

deny icmp any any

deny tcp any any

permit ip any any

Re: acl

In that case practically only UDP will be allowed. The ICMP and TCP will be blocked by the access-list. But the implicit deny will still not have any effect because the permit ip any any allows "anything else".

Kevin Dorrell

Luxembourg
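
The first-match behaviour described in the answers above, as an added example that is not part of the original thread: a simplified Python model of an extended ACL that evaluates packets and flags a `permit ip any any` line that makes the implicit deny unreachable. Only the `any` and `host <ip>` address forms are modelled; the function names and sample addresses are constructed for illustration.

```python
# Added example: simplified first-match model of an IOS-style extended ACL.
# Assumed line form: <permit|deny> <proto> <any|host IP> <any|host IP>

def parse_acl(text):
    """Return a list of (action, proto, src, dst, line); None means 'any'."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tok = line.split()
        addrs, rest = [], tok[2:]
        while rest:
            word = rest.pop(0)
            if word not in ("any", "host") or (word == "host" and not rest):
                raise ValueError(f"unsupported ACL line: {line!r}")
            addrs.append(None if word == "any" else rest.pop(0))
        if tok[0] not in ("permit", "deny") or len(addrs) != 2:
            raise ValueError(f"unsupported ACL line: {line!r}")
        entries.append((tok[0], tok[1], addrs[0], addrs[1], line))
    return entries

def evaluate(entries, proto, src, dst):
    """First matching line wins; the implicit deny applies only if none match."""
    for action, p, s, d, line in entries:
        if p in ("ip", proto) and s in (None, src) and d in (None, dst):
            return action, line
    return "deny", "implicit deny ip any any"

def audit(entries):
    """Report when a 'permit ip any any' line defeats the implicit deny."""
    findings = []
    for i, (action, p, s, d, _) in enumerate(entries):
        if (action, p, s, d) == ("permit", "ip", None, None):
            findings.append("implicit deny unreachable")
            if all(e[0] == "permit" for e in entries[:i]):
                findings.append("ACL filters nothing")
            break
    return findings

# Constructed samples: the two ACL shapes asked about in the thread.
PERMITS_THEN_ANY = parse_acl("""
permit ip host 192.0.2.10 any
permit ip host 192.0.2.11 any
permit ip any any
""")
DENIES_THEN_ANY = parse_acl("""
deny icmp any any
deny tcp any any
permit ip any any
""")
print([evaluate(DENIES_THEN_ANY, p, "198.51.100.7", "192.0.2.1")[0] for p in ("icmp", "tcp", "udp")])
```

Removing the final `permit ip any any` from the first sample makes `evaluate` fall through to the implicit deny for any source that is not one of the listed hosts.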

Silver

Re: acl

Hi ,

Please check the link below, which clears up your doubt and is very useful.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml

Cheers :)
