Basic ACL Questions

phershey

On a 2514 with 11.2 IOS, I'm trying to implement multiple ACLs to block all access to about 55 host addresses. I cannot seem to put them all into one ACL. When I do, the list just disappears, and I'm unclear on how properly to set up multiple lists of about 10 addresses each.

Does each list, say 101-105, need a "permit ip any any" at the end, or just the final list applied to the interface? Will the lists be processed in numerical order or in the order in which they're applied to the interface? I'm assuming that I would implement the lists inbound on the interface that has all the user machines for which I want to block these sites. All my PCs being on E0, I'll want to enter "ip access-group 101 in" for all the lists through 105, correct?

I purchased the Cisco Field Guide for Access Lists, but I cannot find anything about how multiple lists are processed. If there's a good resource online with the info I need, I'll really appreciate help finding it.

My thanks in advance.

Phil Hershey

2 Replies

michael-faust

Each interface is allowed one ACL per protocol, per direction. Build a single access list and apply it to the interface.

Thank you!

You'd think Cisco would have put that someplace prominent in their Access Lists Field Guide. :-)
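
An added example, not part of the thread or of Cisco's documentation: a small Python model of the single-list approach from the answer above. It builds one extended ACL from a block list, evaluates it top-down with first match and the implicit deny at the end, and renders it as IOS lines bound inbound on the interface. The function names and sample addresses are constructed for illustration; list number 101 and Ethernet0 come from the question.

```python
import ipaddress

# Constructed sample destinations (documentation address ranges), not from the thread.
SAMPLE_BLOCKED = ["192.0.2.10", "192.0.2.11", "198.51.100.7", "192.0.2.10"]

def build_acl(blocked_hosts):
    """One deny entry per unique blocked destination, then a single final permit."""
    seen, entries = set(), []
    for raw in blocked_hosts:
        ip = ipaddress.IPv4Address(raw.strip())  # ValueError on a malformed address
        if ip not in seen:
            seen.add(ip)
            entries.append(("deny", ip))
    entries.append(("permit", None))  # None stands for "any" destination
    return entries

def evaluate(entries, dst):
    """Top-down, first match wins; no match falls through to the implicit deny."""
    dst = ipaddress.IPv4Address(dst)
    for action, target in entries:
        if target is None or target == dst:
            return action
    return "deny"

def render_ios(entries, acl_number=101, interface="Ethernet0"):
    """Emit the list as extended-ACL lines plus the one inbound binding."""
    lines = []
    for action, target in entries:
        dest = "any" if target is None else f"host {target}"
        lines.append(f"access-list {acl_number} {action} ip any {dest}")
    lines += [f"interface {interface}", f" ip access-group {acl_number} in"]
    return lines

if __name__ == "__main__":
    acl = build_acl(SAMPLE_BLOCKED)
    print("\n".join(render_ios(acl)))
    for dst in ("192.0.2.10", "203.0.113.5"):
        print(dst, "->", evaluate(acl, dst))
    # Same list without the final permit: everything is dropped.
    print("no final permit:", evaluate(acl[:-1], "203.0.113.5"))
```

The last line of the output shows why the single list needs exactly one "permit ip any any" as its final entry: without it, traffic to every destination hits the implicit deny.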