08-01-2012 05:04 PM - edited 03-07-2019 08:06 AM
Hi. I was wondering why the access-list below (from a practice test question) has the 10 and 40 permit commands when it ends with permit ip any any.
If they're going to be permitted by the ip any any, what's the point of issuing those specific commands? Is it for logging the hit counts?
Extended IP access list stop-packets
10 permit tcp host 10.1.1.2 eq www any (12 matches)
20 deny udp host 10.1.1.1 10.1.2.0 0.0.0.255 (0 matches)
30 deny ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255 (3452 matches)
40 permit tcp 10.1.4.0 0.0.1.255 10.1.5.0 0.0.0.255 eq www any (3 matches)
70 permit ip any any (0 matches)
08-01-2012 08:24 PM
Without knowing more about the environment in which the access list was developed and in which it is used it is difficult to say with certainty why something was done. But the most logical explanation for the permit statements at 10 and at 40 was that they wanted to see the hit count for these particular types of traffic.
HTH
Rick
08-01-2012 11:38 PM
Hi,
ACL filtering always happens in sequence. Having the permit ip any any at the end will permit all the traffic except what is denied by the ACL lines 20 or 30. However, they could have made the ACL with those 2 deny statements at the top and permit ip any any at the end. Maybe for a specific case they would have written that ACL so that only http traffic from the specific hosts is monitored, or something like that. As far as we can see there are no hits on the permit ip any any. So all the traffic is hitting only the http port from those 2 lines.
If they use the cut-through proxy method, all the denied traffic will bypass the proxy and the permit statements will have the proxy authentication. But in this case I am not sure cut-through proxy comes into the picture.
Please do rate if the given information helps.
By
Karthik