[c-nsp] Applying ACL
Gert Doering
gert at greenie.muc.de
Thu May 31 02:35:02 EDT 2007
Hi,
On Wed, May 30, 2007 at 01:33:21PM -0700, Kevin Graham wrote:
> If you are wiping them out, you should always remove them to be safe
> (even if weren't default-deny behavior when missing, there is an
> unavoidable window between creation and completion).
Just to correct this small bit: default in IOS for packet ACLs is
"default-permit" *if the ACL is completely missing*.
But usually you're dead in the water as soon as you copy-and-paste a
new version of the ACL and the first line gets active, prohibiting any
further lines to go through...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list