08-26-2002 05:00 AM - edited 03-02-2019 12:54 AM
On a 2514 with 11.2 IOS, I'm trying to implement multiple ACLs to block all access to about 55 host addresses. I cannot seem to put them all into one ACL. When I do, the list just disappears, and I'm unclear on how properly to set up multiple lists of about 10 addresses each.
Does each list, say 101-105, need a "permit ip any any" at the end, or just the final list applied to the interface? Will the lists be processed in numerical order or in the order in which they're applied to the interface? I'm assuming that I would implement the lists inbound on the interface that has all the user machines for which I want to block these sites. All my PCs being on E0, I'll want to enter "ip access-group 101 in" for all the lists through 105, correct?
I purchased the Cisco Field Guide for Access Lists, but I cannot find anything about how multiple lists are processed. If there's a good resource online with the info I need, I'll really appreciate help finding it.
My thanks in advance.
Phil Hershey
08-26-2002 05:03 AM
Each interface is allowed one ACL per protocol, per direction. Build a single access list and apply it to the interface.
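The single-list layout described in the answer above, as an added example that is not part of the original thread. The 192.0.2.x addresses are constructed placeholders for the blocked hosts; list number 101 and interface Ethernet0 come from the question.

```cisco
! Constructed example: 192.0.2.x are documentation addresses standing in
! for the hosts to block. They are not values from the thread.
!
! What does not work: several lists on one interface in one direction.
! Each new "ip access-group ... in" replaces the previous one, so only
! list 102 would remain active here.
!   interface Ethernet0
!    ip access-group 101 in
!    ip access-group 102 in
!
! What works: one list holding every blocked host.
! Remove the old definition first, because lines entered for an existing
! numbered list are appended after its current last line.
no access-list 101
access-list 101 deny   ip any host 192.0.2.10
access-list 101 deny   ip any host 192.0.2.11
access-list 101 deny   ip any host 192.0.2.12
! ... one deny line per remaining blocked host ...
!
! Entries are evaluated top-down and the first match wins. Every list ends
! with an implicit "deny ip any any", so the explicit permit goes last, once.
access-list 101 permit ip any any
!
! Apply the one list inbound on the interface facing the user PCs.
interface Ethernet0
 ip access-group 101 in
```

`show access-lists 101` lists the entries in evaluation order, and `show ip interface Ethernet0` reports which list is set inbound.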
08-26-2002 07:05 AM
Thank you!
You'd think Cisco would have put that someplace prominent in their Access Lists Field Guide. :-)