Re: Access list with explicit deny all at the end

From: David L Stewart (D.Stewart@xxxxxxxxxxxxxxx)
Date: Sat Aug 26 2000 - 08:40:00 GMT-3


   
Padhu,

With the "deny all" at the end, the router collects statistics
on how many times it was used. You should not use the explicit
deny all at the end unless you really want to track the numbers
since it does use CPU time and memory. To see how many times
the deny all (or other access lists) are used, just use the
"show access-list" command.

This is an access server that has an anti-spoof ACL. You can
see that there were 5788 spoofed packets that were stopped by
this ACL. (The name and IP number were changed in the example)

Dialup26#sh access-list 155
Extended IP access list 155
     permit ip 129.73.46.0 0.0.0.255 any (1397099 matches)
     deny ip any any (5788 matches)
Dialup26#

Dave
- - - - -
At 04:34 PM 8/25/00, Padhu@steinroe.com wrote:
>Some of the sample cisco configurations i have come across have an explicit
>deny any at the end.
>What is the purpose of reinforcing this when by default that's the behavior ?
>
>Cheers, Padhu
>
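The match counters in the "show access-list" output above are the whole point of the explicit deny, and they are easy to turn into a monitoring check. The following Python script is an added example, not code from the original post or from Cisco: it parses captured "show access-list" output into per-list entries, sums the hits on the deny entries, and compares them with an operator-chosen threshold. The sample input is the output quoted in the post; the threshold value and the function names are assumptions made for the example.

```python
import re
from typing import Dict, List, TypedDict


class Ace(TypedDict):
    action: str   # "permit" or "deny"
    rule: str     # remainder of the entry, e.g. "ip any any"
    matches: int  # counter printed by IOS; 0 when no "(N matches)" suffix is shown


# Constructed sample input: the "show access-list 155" output quoted in the post,
# including the router prompt lines as they appear in a captured session.
SAMPLE_OUTPUT = """\
Dialup26#sh access-list 155
Extended IP access list 155
     permit ip 129.73.46.0 0.0.0.255 any (1397099 matches)
     deny ip any any (5788 matches)
Dialup26#
"""

# Header line naming a list; the indented entry lines that follow belong to it.
ACL_HEADER = re.compile(r"^(?:Extended|Standard) IP access list (\S+)\s*$")

# One access control entry. IOS prints the counter only for entries that have
# matched at least once, so the "(N matches)" suffix is optional; the leading
# sequence number present in later IOS releases is optional as well.
ACE_LINE = re.compile(
    r"^\s+(?:\d+\s+)?(permit|deny)\s+(.*?)(?:\s+\((\d+) matches\))?\s*$"
)


def parse_show_access_list(text: str) -> Dict[str, List[Ace]]:
    """Parse captured 'show access-list' output into {acl_name: [entries]}."""
    acls: Dict[str, List[Ace]] = {}
    current = None
    for line in text.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            current = header.group(1)
            acls[current] = []
            continue
        if current is None:
            continue  # prompt or other text before the first list header
        entry = ACE_LINE.match(line)
        if entry:
            action, rule, count = entry.groups()
            acls[current].append(
                Ace(action=action, rule=rule, matches=int(count) if count else 0)
            )
    return acls


def deny_matches(acls: Dict[str, List[Ace]], name: str) -> int:
    """Total hits on the deny entries of one list; for an anti-spoof ACL the
    explicit 'deny ip any any' counter is the number of packets it stopped."""
    return sum(e["matches"] for e in acls[name] if e["action"] == "deny")


def deny_ratio(acls: Dict[str, List[Ace]], name: str) -> float:
    """Fraction of all counted packets on the list that were denied."""
    total = sum(e["matches"] for e in acls[name])
    return deny_matches(acls, name) / total if total else 0.0


def over_threshold(acls: Dict[str, List[Ace]], name: str, threshold: int) -> bool:
    """True when denied packets exceed an operator-chosen threshold (assumed value)."""
    return deny_matches(acls, name) > threshold


if __name__ == "__main__":
    parsed = parse_show_access_list(SAMPLE_OUTPUT)
    for acl in parsed:
        print(f"access-list {acl}: {deny_matches(parsed, acl)} packets denied, "
              f"{deny_ratio(parsed, acl):.4%} of counted packets")
        if over_threshold(parsed, acl, 1000):  # assumed threshold for the example
            print(f"  WARNING: deny count on {acl} is above threshold")
```

Feed it the text captured from the device (for example the output of the command run over an SSH session); the counters are cumulative since the last "clear access-list counters", so a periodic check should compare successive readings rather than the raw totals.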



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:24:30 GMT-3