From: Brian Dennis (brian@xxxxxx)
Date: Wed Jul 17 2002 - 22:21:21 GMT-3
What if the first line is:
access-list 100 permit ip any any
or
access-list 100 permit tcp any any
or
access-list 100 permit tcp any eq 23 any
or
what if the access-list is applied outbound?
;-)
If I'm ever working on a router remotely and only have one way in I
usually set up a timed reload on the router in case I get knocked off.
Not that a CCIE would ever lock themselves out of a router ;-)
Brian Dennis, CCIE #2210 (R&S/ISP Dial)
-----Original Message-----
From: Anthony Pace [mailto:anthonypace@fastmail.fm]
Sent: Wednesday, July 17, 2002 4:42 PM
To: Brian Dennis; ccielab@groupstudy.com
Subject: RE: ACL fewest numbers of lines
This is actually a real "gotcha" that bites you more in real life than
in the practice labs. On a practice lab you can more or less do things
in any order, but it is not uncommon to make the mistake of applying
the access list to an interface. So far, so good. Then as soon as you
create one line, the implicit deny cuts off everyone's access.
Including your telnet session. Now you have to get to the router, and
fast, and get a console hooked up.
Anthony Pace
On Tue, 16 Jul 2002 22:00:04 -0700, "Brian Dennis" <brian@5g.net> said:
> Todd,
> Do you mean apply the "ip access-group x" command to an interface? If so
> there isn't an implicit deny. If the access-list doesn't exist in the
> global configuration all traffic is permitted.
>
> Brian Dennis, CCIE #2210 (R&S/ISP Dial)
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Todd Veillette
> Sent: Tuesday, July 16, 2002 9:37 PM
> To: ccielab@groupstudy.com
> Subject: Re: ACL fewest numbers of lines
>
> For that matter, just apply an acl not in use, implicit deny.
>
> No lines.
>
> -Todd
>
> ----- Original Message -----
> From: "Brian Dennis" <brian@5g.net>
> To: "'Scott Morris'" <swm@emanon.com>; "'Alex'" <afayn@yahoo.com>;
> <ccielab@groupstudy.com>
> Sent: Tuesday, July 16, 2002 6:09 PM
> Subject: RE: ACL fewest numbers of lines
>
>
> > It might be a trick question. Read what it said, "Create an access list
> > with the fewest numbers of lines to deny". Since it doesn't say anything
> > about permitting other traffic here's my answer ;-)
> >
> > access-list 1 deny any
> >
> > Brian Dennis, CCIE #2210 (R&S/ISP Dial)
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Scott Morris
> > Sent: Tuesday, July 16, 2002 2:30 PM
> > To: 'Alex'; ccielab@groupstudy.com
> > Subject: RE: ACL fewest numbers of lines
> >
> > Nope. Three lines is the best possible way to do it.
> >
> > Scott
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Alex
> > Sent: Tuesday, July 16, 2002 5:02 PM
> > To: ccielab@groupstudy.com
> > Subject: ACL fewest numbers of lines
> >
> >
> > Requirement:
> >
> > Create an access list with the fewest numbers of lines to deny.
> >
> > 140.199.57.0
> > 161.199.57.0
> > 201.59.1.0
> > 201.63.1.0
> >
> > I can do it in 3 lines but I believe that there is a way to do it in 1
> > line? Anybody know?
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:35 GMT-3
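
The line-count question at the bottom of the thread can be checked mechanically. The following is an added example, not part of the original thread: it searches every grouping of the four listed networks for the fewest deny entries whose wildcard masks match those networks and nothing else. It assumes each network is a /24 (host wildcard 0.0.0.255) and that only deny lines are counted; the function names are hypothetical.

```python
from itertools import combinations

# Networks from the original question; the /24 scope is an assumption.
NETWORKS = ["140.199.57.0", "161.199.57.0", "201.59.1.0", "201.63.1.0"]
HOST_WILDCARD = 0x000000FF

def to_int(addr):
    a, b, c, d = (int(x) for x in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def exact_entry(group):
    """Return (base, wildcard) matching exactly `group`, or None if any
    single entry covering the group would also match other networks."""
    nets = [to_int(n) & ~HOST_WILDCARD & 0xFFFFFFFF for n in group]
    diff = 0
    for n in nets:
        diff |= n ^ nets[0]            # bits that vary across the group
    # A wildcard with k "don't care" bits matches 2**k networks, so the
    # group is exact only if it holds every one of those combinations.
    if len(set(nets)) != 2 ** bin(diff).count("1"):
        return None
    return nets[0] & ~diff & 0xFFFFFFFF, diff | HOST_WILDCARD

def partitions(items):
    """Yield every way to split `items` into non-empty groups."""
    if not items:
        yield []
        return
    head, rest = items[0], items[1:]
    for size in range(len(rest) + 1):
        for others in combinations(rest, size):
            remaining = [x for x in rest if x not in others]
            for tail in partitions(remaining):
                yield [[head, *others]] + tail

def fewest_deny_lines(networks, acl=1):
    best = None
    for part in partitions(list(networks)):
        entries = [exact_entry(g) for g in part]
        if None not in entries and (best is None or len(entries) < len(best)):
            best = entries
    return [f"access-list {acl} deny {to_dotted(b)} {to_dotted(w)}" for b, w in best]

if __name__ == "__main__":
    print("\n".join(fewest_deny_lines(NETWORKS)))
```

Under those assumptions only 201.59.1.0 and 201.63.1.0 merge (they differ in a single bit of the second octet), so the result is three lines; a single wildcard spanning 140.x and 161.x would also match other first-octet values.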