RE: ACL fewest numbers of lines

From: Anthony Pace (anthonypace@xxxxxxxxxxx)
Date: Wed Jul 17 2002 - 20:41:47 GMT-3


   
This is actually a real "gotcha" that bites you more in real life than
in the practice labs. On a practice lab you can more or less do things
in any order, but it is not uncommon to make the mistake of applying
the access list to an interface. So far, so good. Then as soon as you
create one line, the implicit deny cuts off everyone's access.
Including your telnet session. Now you have to get to the router, and
fast, and get a console hooked up.

Anthony Pace

On Tue, 16 Jul 2002 22:00:04 -0700, "Brian Dennis" <brian@5g.net> said:
> Todd,
> Do you mean apply the "ip access-group x" command to an interface? If so
> there isn't an implicit deny. If the access-list doesn't exist in the
> global configuration all traffic is permitted.
>
> Brian Dennis, CCIE #2210 (R&S/ISP Dial)
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Todd Veillette
> Sent: Tuesday, July 16, 2002 9:37 PM
> To: ccielab@groupstudy.com
> Subject: Re: ACL fewest numbers of lines
>
> For that matter, just apply an acl not in use, implicit deny.
>
> No lines.
>
> -Todd
>
> ----- Original Message -----
> From: "Brian Dennis" <brian@5g.net>
> To: "'Scott Morris'" <swm@emanon.com>; "'Alex'" <afayn@yahoo.com>;
> <ccielab@groupstudy.com>
> Sent: Tuesday, July 16, 2002 6:09 PM
> Subject: RE: ACL fewest numbers of lines
>
>
> > It might be a trick question. Read what it said, "Create an access list
> > with the fewest numbers of lines to deny". Since it doesn't say anything
> > about permitting other traffic here's my answer ;-)
> >
> > access-list 1 deny any
> >
> > Brian Dennis, CCIE #2210 (R&S/ISP Dial)
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Scott Morris
> > Sent: Tuesday, July 16, 2002 2:30 PM
> > To: 'Alex'; ccielab@groupstudy.com
> > Subject: RE: ACL fewest numbers of lines
> >
> > Nope. Three lines is the best possible way to do it.
> >
> > Scott
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Alex
> > Sent: Tuesday, July 16, 2002 5:02 PM
> > To: ccielab@groupstudy.com
> > Subject: ACL fewest numbers of lines
> >
> >
> > Requirement:
> >
> > Create an access list with the fewest numbers of lines to deny.
> >
> > 140.199.57.0
> > 161.199.57.0
> > 201.59.1.0
> > 201.63.1.0
> >
> > I can do it in 3 lines but I believe that there is a way to do it in 1
> > line? Anybody know?
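
The wildcard-mask arithmetic behind the "3 lines" answer, as an added example that is not part of the original thread: a single ACL line with k wildcard bits matches exactly 2**k networks, so a group of networks collapses into one line only if it fills that whole set. It assumes each listed network is a /24 and that the ACL must deny exactly these networks and nothing else; the function names are hypothetical, and ACL number 1 is taken from the thread.

```python
from ipaddress import IPv4Address
from itertools import combinations

HOST_WILDCARD = 0x000000FF  # assumption: every listed network is a /24


def merge(nets):
    """Return (base, wildcard) if ONE line matches exactly `nets`, else None."""
    base, wildcard = nets[0], 0
    for n in nets[1:]:
        wildcard |= base ^ n  # every bit that differs must be a "don't care" bit
    # k wildcard bits match 2**k networks; the merge is exact only if we hold all of them
    if 1 << bin(wildcard).count("1") != len(set(nets)):
        return None
    return base & ~wildcard & 0xFFFFFFFF, wildcard | HOST_WILDCARD


def fewest_lines(networks, acl=1):
    """Smallest list of standard-ACL deny lines covering exactly `networks`."""
    nets = [int(IPv4Address(n)) for n in networks]
    # Candidate lines: every subset that collapses into one exact wildcard entry
    candidates = []
    for size in range(1, len(nets) + 1):
        for group in combinations(nets, size):
            entry = merge(list(group))
            if entry:
                candidates.append((set(group), entry))
    # Brute-force the smallest set of candidates that covers every network
    for count in range(1, len(nets) + 1):
        for combo in combinations(candidates, count):
            if set().union(*(g for g, _ in combo)) == set(nets):
                return [f"access-list {acl} deny {IPv4Address(b)} {IPv4Address(w)}"
                        for _, (b, w) in combo]


if __name__ == "__main__":
    # The four networks from the original question
    for line in fewest_lines(["140.199.57.0", "161.199.57.0",
                              "201.59.1.0", "201.63.1.0"]):
        print(line)
```

Only 201.59.1.0 and 201.63.1.0 differ in a single bit (59 vs 63 in the second octet), so they share one line; 140 and 161 differ in four bits, and a single line spanning them would also deny 14 other networks.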



This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:34 GMT-3