Permit Access-list command followed by permit ip any any

Reprovoid
Level 1

Hi. I was wondering why the access-list below (from a practice test question) has the 10 and 40 permit commands when it ends with permit ip any any.

If they're going to be permitted by the ip any any, what's the point of issuing those specific commands? Is it for logging the hit counts?

Extended IP access list stop-packets
   10 permit tcp host 10.1.1.2 eq www any (12 matches)
   20 deny   udp host 10.1.1.1 10.1.2.0 0.0.0.255 (0 matches)
   30 deny   ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255 (3452 matches)
   40 permit tcp 10.1.4.0 0.0.1.255 10.1.5.0 0.0.0.255 eq www any (3 matches)
   70 permit ip any any (0 matches)

2 Accepted Solutions

Richard Burts
Hall of Fame

Without knowing more about the environment in which the access list was developed and in which it is used it is difficult to say with certainty why something was done. But the most logical explanation for the permit statements at 10 and at 40 was that they wanted to see the hit count for these particular types of traffic.

HTH

Rick

nkarthikeyan
Level 7

Hi,

ACL filtering always happens in sequence. Having the permit ip any any at the end will permit all the traffic except the deny ACL entries mentioned in line 20 or 30. However, they could have made the ACL have those 2 deny statements at the top and permit ip any any at the end. Maybe for a specific case they would have written that ACL for only HTTP traffic from the specific hosts to be monitored or something. As far as we see there are no hits on the permit ip any any. So all the traffic is hitting only the HTTP port from those 2 lines.

If they use the cut-through proxy method, all the denied traffic will bypass the proxy and the permit statements will have the proxy authentication. But in this case I am not sure cut-through proxy will come into the picture.

Please do rate if the given information helps.

By

Karthik

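Both answers rest on the same mechanics: an IOS ACL is walked top to bottom, the first matching entry decides and gets the hit, and the specific permits at 10 and 40 only change which counter ticks, not the verdict. As an added example (not code from the thread, from Cisco, or from either poster), the Python below models that first-match evaluation over the ACL quoted in the question, runs constructed sample packets through it with and without lines 10 and 40, and then moves permit ip any any to the top to show why ordering against the deny lines matters. Wildcard handling follows Cisco semantics (set bits are "don't care"); the trailing "any" on line 40 as quoted is tolerated by ignoring leftover tokens, which is an assumption about the practice-test text rather than IOS behaviour.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# The extended ACL quoted in the question, minus the "(n matches)" counters.
ACL_TEXT = """
10 permit tcp host 10.1.1.2 eq www any
20 deny   udp host 10.1.1.1 10.1.2.0 0.0.0.255
30 deny   ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255
40 permit tcp 10.1.4.0 0.0.1.255 10.1.5.0 0.0.0.255 eq www any
70 permit ip any any
"""

PORT_NAMES = {"www": 80}   # only the port keyword the quoted ACL uses
ANY = (0, 0xFFFFFFFF)      # 0.0.0.0 with wildcard 255.255.255.255


@dataclass
class Rule:
    seq: int
    action: str
    proto: str
    src: Tuple[int, int]     # (network, wildcard) as 32-bit ints
    sport: Optional[int]
    dst: Tuple[int, int]
    dport: Optional[int]
    hits: int = 0            # models the "(n matches)" counter


def ip_int(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def parse_addr(tokens, i):
    """Consume 'any' | 'host A' | 'A WILDCARD' at tokens[i]; return ((net, wc), next_i)."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (ip_int(tokens[i + 1]), 0), i + 2
    return (ip_int(tokens[i]), ip_int(tokens[i + 1])), i + 2


def parse_port(tokens, i):
    """Consume an optional 'eq <port>' qualifier; return (port or None, next_i)."""
    if i < len(tokens) and tokens[i] == "eq":
        name = tokens[i + 1]
        return PORT_NAMES.get(name) or int(name), i + 2
    return None, i


def parse_acl(text: str):
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        src, i = parse_addr(t, 3)
        sport, i = parse_port(t, i)
        dst, i = parse_addr(t, i)
        dport, i = parse_port(t, i)
        # Assumption: tokens left after the destination port are ignored (line 40
        # as quoted ends in an extra "any" that IOS itself would reject).
        rules.append(Rule(int(t[0]), t[1], t[2], src, sport, dst, dport))
    return rules


def addr_matches(spec, ip: str) -> bool:
    """Cisco wildcard semantics: bits set in the wildcard are 'don't care'."""
    net, wc = spec
    care = ~wc & 0xFFFFFFFF
    return (ip_int(ip) & care) == (net & care)


def evaluate(rules, pkt):
    """Sequential first-match evaluation; bumps the matching rule's hit counter."""
    for r in rules:
        if r.proto != "ip" and r.proto != pkt["proto"]:
            continue
        if not (addr_matches(r.src, pkt["src"]) and addr_matches(r.dst, pkt["dst"])):
            continue
        if r.sport is not None and pkt.get("sport") != r.sport:
            continue
        if r.dport is not None and pkt.get("dport") != r.dport:
            continue
        r.hits += 1
        return r.action, r.seq
    return "deny", None   # the implicit deny at the end of every IOS ACL


# Constructed sample packets (not from the thread), one aimed at each ACL line in order.
PACKETS = [
    {"proto": "tcp", "src": "10.1.1.2", "sport": 80, "dst": "192.0.2.9", "dport": 51000},
    {"proto": "udp", "src": "10.1.1.1", "sport": 5000, "dst": "10.1.2.7", "dport": 53},
    {"proto": "tcp", "src": "10.1.3.5", "sport": 44000, "dst": "10.1.2.7", "dport": 80},
    {"proto": "tcp", "src": "10.1.5.3", "sport": 41000, "dst": "10.1.5.9", "dport": 80},
    {"proto": "tcp", "src": "10.1.9.9", "sport": 1234, "dst": "10.1.2.7", "dport": 80},
]


def compare_with_and_without_specific_permits():
    """Same packets against the ACL as quoted and with lines 10 and 40 removed."""
    full = parse_acl(ACL_TEXT)
    trimmed = [r for r in parse_acl(ACL_TEXT) if r.seq not in (10, 40)]
    with_permits = [evaluate(full, p) for p in PACKETS]
    without = [evaluate(trimmed, p)[0] for p in PACKETS]
    return with_permits, without, {r.seq: r.hits for r in full}


def order_matters():
    """Moving 'permit ip any any' to the top shadows the deny at line 30."""
    rules = parse_acl(ACL_TEXT)
    reordered = [rules[-1]] + rules[:-1]
    pkt = PACKETS[2]   # 10.1.3.5 -> 10.1.2.7, which line 30 is meant to block
    return evaluate(rules, pkt)[0], evaluate(reordered, pkt)[0]


if __name__ == "__main__":
    with_permits, without, hits = compare_with_and_without_specific_permits()
    for p, (act, seq), act2 in zip(PACKETS, with_permits, without):
        print(f"{p['proto']} {p['src']} -> {p['dst']}:{p['dport']}  line {seq}: {act:6} without 10/40: {act2}")
    print("hit counters:", hits)
    print("line 30 traffic, as quoted vs permit-any first:", order_matters())
```

The verdict column is identical with and without lines 10 and 40, which is the point of both answers: those entries exist so that the web traffic from 10.1.1.2 and from 10.1.4.0/23 lands on its own counter instead of being folded into the permit ip any any count. The last line shows the opposite concern, that the denies only work because they sit above the catch-all permit.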
