Cisco Support Community

New Member

default rule for an applied access list

Hi,

I wonder what the default rule is when there is no access list created but the access list is applied to the interface.

Thanks.

Christina

2 REPLIES
Silver

Re: default rule for an applied access list

Hi Christina,

Applying an access-list to an interface without an access-list is of no use.

It doesn't have any impact.

HTH

satish

Hall of Fame Super Silver

Re: default rule for an applied access list

Christina

If ip access-group is configured on an interface but the access list referred to does not exist, there are some old versions of IOS that would enforce the default deny any. But for a long time the action of IOS, if the access list does not exist, has been to permit any.

Be aware that as soon as the access list exists with a single statement, there is also the default deny any. This may become an issue if you are doing maintenance on an access list and have removed it so you can rebuild it. When you remove it, the action becomes permit any. But when you add the first statement to rebuild it, there is a deny any at the end of the access list.

HTH

Rick
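
A check for the situation described in the reply above, as an added example that is not part of the original thread: this Python sketch scans a running-config for `ip access-group` references whose access list is not defined, which per that reply current IOS treats as permit any. The sample config, ACL names and the function name are constructed for illustration.

```python
import re

# Constructed sample running-config fragment (not taken from the thread).
SAMPLE_CONFIG = """\
ip access-list extended EDGE-IN
 permit tcp any host 192.0.2.10 eq 443
!
access-list 10 permit 10.0.0.0 0.0.0.255
!
interface GigabitEthernet0/0
 ip access-group EDGE-IN in
!
interface GigabitEthernet0/1
 ip access-group MGMT-IN in
 ip access-group 10 out
!
interface GigabitEthernet0/2
 ip access-group 120 in
"""

NAMED_ACL = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
NUMBERED_ACL = re.compile(r"^access-list (\d+) ")
INTERFACE = re.compile(r"^interface (\S+)")
ACCESS_GROUP = re.compile(r"^\s+ip access-group (\S+) (in|out)")


def find_dangling_access_groups(config_text):
    """Return (interface, acl, direction) for each access-group whose ACL is undefined."""
    defined, applied, current_if = set(), [], None
    for line in config_text.splitlines():
        acl_def = NAMED_ACL.match(line) or NUMBERED_ACL.match(line)
        if acl_def:
            defined.add(acl_def.group(1))
        # Any non-indented line starts a new top-level section.
        if line and not line[0].isspace():
            iface = INTERFACE.match(line)
            current_if = iface.group(1) if iface else None
        group = ACCESS_GROUP.match(line)
        if group and current_if:
            applied.append((current_if, group.group(1), group.group(2)))
    # Filter after the full pass so ACLs defined below the interface still count.
    return [ref for ref in applied if ref[1] not in defined]


if __name__ == "__main__":
    for iface, acl, direction in find_dangling_access_groups(SAMPLE_CONFIG):
        print(f"{iface}: access-group {acl} {direction} references a missing ACL")
```

Running it against a saved config before and after access list maintenance shows whether any interface was left pointing at a removed list.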
