[c-nsp] Applying ACL

Mark Tinka mtinka at africaonline.co.zw
Thu May 31 03:13:27 EDT 2007


On Thursday 31 May 2007 08:35, Gert Doering wrote:

> Just to correct this small bit: default in IOS for packet
> ACLs is "default-permit" *if the ACL is completely
> missing*.
>
> But usually you're dead in the water as soon as you
> copy-and-paste a new version of the ACL and the first line
> gets active, prohibiting any further lines to go through...

Apart from areas in IOS where named ACLs are not supported, I
find them to be the most efficient for this or any kind of
traffic filtering situation (the use of sequence numbers).

Having to remove an ACL, edit it, and put it back risking loss 
of traffic or connectivity to the box itself is not my idea 
of fun :-).

It's a good thing v6 ACLs in IOS only support this structure.

Mark.
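
The two editing approaches discussed in this message, side by side, as an added illustration that is not part of the original post. The ACL number and name, the interface, and the addresses (documentation ranges) are constructed placeholders.

```cisco
! --- Numbered ACL: edit by removing and re-pasting (the risky pattern) ---
interface GigabitEthernet0/1
 ip access-group 101 in
!
! After this line the interface references a missing ACL, which per the
! thread means default-permit until the paste begins.
no access-list 101
! As soon as the first pasted line is active, the implicit deny drops
! everything the remaining lines have not yet permitted, including the
! session doing the paste if its permit comes later.
access-list 101 permit udp 192.0.2.0 0.0.0.255 any eq snmp
access-list 101 permit tcp 192.0.2.0 0.0.0.255 any eq 22
access-list 101 deny   ip any any log
!
! --- Named ACL with sequence numbers: edit in place while applied ---
ip access-list extended MGMT-IN
 10 permit tcp 192.0.2.0 0.0.0.255 any eq 22
 20 permit udp 192.0.2.0 0.0.0.255 any eq snmp
 30 deny   ip any any log
!
interface GigabitEthernet0/1
 ip access-group MGMT-IN in
!
! Later change: insert one entry between 10 and 20 and delete entry 20.
! The other entries are never removed, so there is no window in which the
! filter is missing or half-loaded.
ip access-list extended MGMT-IN
 15 permit tcp 198.51.100.0 0.0.0.255 any eq 22
 no 20
!
! Optional: renumber to restore even gaps for future inserts.
ip access-list resequence MGMT-IN 10 10
!
! Exec mode: confirm entry order and per-entry match counters.
! show ip access-lists MGMT-IN
```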