RE: Access list with explicit deny all at the end

From: Earl Aboytes (earl@xxxxxxxxxxxx)
Date: Sat Aug 26 2000 - 02:22:03 GMT-3


   
The best use of this command is one that I think is very important in the
lab. If you ever configure an access list in the lab, put the "deny all"
statement with the log keyword at the end. If traffic tries to come through
on a certain protocol, like 47, or on a port, like 2065, you will get an
error message. This way you don't need to remember all those ports and
protocol numbers. I don't know about you, but I can't remember all those
numbers! Try it in your lab; it works great.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Earl Aboytes CCIE #6097
Senior Technical Consultant
GTE Managed Solutions
805-381-8817
earl.aboytes@verizon.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Dave Gingrich
Sent: Friday, August 25, 2000 3:03 PM
To: Padhu@steinroe.com
Cc: ccielab@groupstudy.com
Subject: Re: Access list with explicit deny all at the end

At 16:34 8/25/00 -0500, Padhu@steinroe.com wrote:
>Some of the sample Cisco configurations I have come across have an explicit
>deny any at the end.
>What is the purpose of reinforcing this when by default that's the behavior?

It will prevent anyone from adding to the access-list without first
deleting it.

-dg

=========================
David C. Gingrich, K9DC
Indianapolis, Indiana
Dave@dcg.org
=========================
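
The lab technique described in this thread, as an added example that is not part of the original messages: a small parser that tallies what a trailing "deny all" entry with the log keyword reports, so the protocol numbers and ports that still need permit entries can be read off directly. The log lines are constructed samples in the IOS `%SEC-6-IPACCESSLOG*` message format; access list 101 and all addresses are assumptions.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the thread); ACL 101 and the
# addresses are assumptions. Formats follow IOS %SEC-6-IPACCESSLOG* messages.
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGNP: list 101 denied 47 10.1.1.1 -> 10.2.2.2, 1 packet
%SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(11002) -> 10.2.2.9(2065), 1 packet
%SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(11002) -> 10.2.2.9(2065), 4 packets
%SEC-6-IPACCESSLOGP: list 101 permitted udp 10.1.1.7(520) -> 10.2.2.9(520), 2 packets
%SEC-6-IPACCESSLOGDP: list 101 denied icmp 10.1.1.1 -> 10.2.2.2 (8/0), 3 packets
this line is not an ACL log entry
"""

# proto is a name (tcp/udp/icmp) or a bare IP protocol number such as 47;
# ports are present only for TCP/UDP (IPACCESSLOGP).
ACL_RE = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?.*?, (?P<count>\d+) packets?"
)

def summarize_denies(log_text, acl="101"):
    """Return Counter {(protocol, dest_port_or_None): packets} for denied hits."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ACL_RE.search(line)
        if not m or m["acl"] != acl or m["action"] != "denied":
            continue  # skip non-ACL lines, other lists, and permitted traffic
        dport = int(m["dport"]) if m["dport"] else None
        hits[(m["proto"], dport)] += int(m["count"])
    return hits

def report(hits):
    """Format one line per denied protocol/port, most packets first."""
    lines = []
    for (proto, dport), packets in hits.most_common():
        what = f"{proto} port {dport}" if dport is not None else f"protocol {proto}"
        lines.append(f"{what}: {packets} packet(s) denied")
    return lines

if __name__ == "__main__":
    print("\n".join(report(summarize_denies(SAMPLE_LOG))))
```
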


