RE: ACL fewest numbers of lines

From: Anthony Pace (anthonypace@xxxxxxxxxxx)
Date: Wed Jul 17 2002 - 22:54:04 GMT-3


   
This is true. What I said would not apply to an access-list which was
going to contain the first line "access-list 100 permit ip any any". It
also would not happen if the access-list was to be applied outbound.

Anthony Pace

On Wed, 17 Jul 2002 18:21:21 -0700, "Brian Dennis" <brian@5g.net> said:
> What if the first line is:
>
> access-list 100 permit ip any any
> or
> access-list 100 permit tcp any any
> or
> access-list 100 permit tcp any eq 23 any
> or
> what if the access-list is applied outbound?
>
> ;-)
>
> If I'm ever working on a router remotely and only have one way in I
> usually set up a timed reload on the router in case I get knocked off.
> Not that a CCIE would ever lock themselves out of a router ;-)
>
> Brian Dennis, CCIE #2210 (R&S/ISP Dial)
>
>
>
> -----Original Message-----
> From: Anthony Pace [mailto:anthonypace@fastmail.fm]
> Sent: Wednesday, July 17, 2002 4:42 PM
> To: Brian Dennis; ccielab@groupstudy.com
> Subject: RE: ACL fewest numbers of lines
>
> This is actually a real "gotcha" that bites you more in real life than
> in the practice labs. On a practice lab you can more or less do things
> in any order, but it is not uncommon to make the mistake of applying
> the access list to an interface. So far, so good. Then as soon as you
> create one line, the implicit deny cuts off everyone's access.
> Including your telnet session. Now you have to get to the router, and
> fast, and get a console hooked up.
>
> Anthony Pace
>
>
>
> On Tue, 16 Jul 2002 22:00:04 -0700, "Brian Dennis" <brian@5g.net> said:
> > Todd,
> > Do you mean apply the "ip access-group x" command to an interface? If
> > so, there isn't an implicit deny. If the access-list doesn't exist in the
> > global configuration all traffic is permitted.
> >
> > Brian Dennis, CCIE #2210 (R&S/ISP Dial)
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Todd Veillette
> > Sent: Tuesday, July 16, 2002 9:37 PM
> > To: ccielab@groupstudy.com
> > Subject: Re: ACL fewest numbers of lines
> >
> > For that matter, just apply an acl not in use, implicit deny.
> >
> > No lines.
> >
> > -Todd
> >
> > ----- Original Message -----
> > From: "Brian Dennis" <brian@5g.net>
> > To: "'Scott Morris'" <swm@emanon.com>; "'Alex'" <afayn@yahoo.com>;
> > <ccielab@groupstudy.com>
> > Sent: Tuesday, July 16, 2002 6:09 PM
> > Subject: RE: ACL fewest numbers of lines
> >
> >
> > > It might be a trick question. Read what it said, "Create an access list
> > > with the fewest numbers of lines to deny". Since it doesn't say anything
> > > about permitting other traffic here's my answer ;-)
> > >
> > > access-list 1 deny any
> > >
> > > Brian Dennis, CCIE #2210 (R&S/ISP Dial)
> > >
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > > Scott Morris
> > > Sent: Tuesday, July 16, 2002 2:30 PM
> > > To: 'Alex'; ccielab@groupstudy.com
> > > Subject: RE: ACL fewest numbers of lines
> > >
> > > Nope. Three lines is the best possible way to do it.
> > >
> > > Scott
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > > Alex
> > > Sent: Tuesday, July 16, 2002 5:02 PM
> > > To: ccielab@groupstudy.com
> > > Subject: ACL fewest numbers of lines
> > >
> > >
> > > Requirement:
> > >
> > > Create an access list with the fewest numbers of lines to deny.
> > >
> > > 140.199.57.0
> > > 161.199.57.0
> > > 201.59.1.0
> > > 201.63.1.0
> > >
> > > I can do it in 3 lines but I believe that there is a way to do it in 1
> > > line? Anybody know?
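
The line count debated in this thread can be checked mechanically. The following is an added example, not code from any poster: it merges networks that differ in exactly one bit into a single wildcard-mask entry and never produces a line that matches a network outside the list. It assumes the four addresses are /24 networks (wildcard 0.0.0.255) and reuses standard ACL number 1 from the thread; the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed input: the four networks from the thread, assumed to be /24s.
NETWORKS = ["140.199.57.0", "161.199.57.0", "201.59.1.0", "201.63.1.0"]
HOST_WILDCARD = 0x000000FF  # assumption: each entry is a /24 (wildcard 0.0.0.255)


def prime_terms(values, base_wildcard):
    """Merge (value, wildcard) terms that differ in exactly one cared-about bit."""
    terms = {(v & ~base_wildcard, base_wildcard) for v in values}
    primes = set()
    while terms:
        merged, used = set(), set()
        for a, b in combinations(sorted(terms), 2):
            diff = a[0] ^ b[0]
            # Same wildcard and a single differing bit: one line can cover both.
            if a[1] == b[1] and diff and diff & (diff - 1) == 0:
                merged.add((a[0] & ~diff, a[1] | diff))
                used.update((a, b))
        primes |= terms - used
        terms = merged
    return primes


def covers(term, value):
    """True when an ACL line (value, wildcard) matches the given address."""
    return (value ^ term[0]) & ~term[1] & 0xFFFFFFFF == 0


def exact_deny_lines(networks, acl=1, base_wildcard=HOST_WILDCARD):
    """Greedy cover of the networks using only terms that match nothing extra."""
    values = [int(ipaddress.IPv4Address(n)) for n in networks]
    primes = prime_terms(values, base_wildcard)
    remaining, chosen = set(values), []
    while remaining:
        best = max(sorted(primes), key=lambda t: sum(covers(t, v) for v in remaining))
        chosen.append(best)
        remaining = {v for v in remaining if not covers(best, v)}
    return [
        f"access-list {acl} deny {ipaddress.IPv4Address(v)} {ipaddress.IPv4Address(w)}"
        for v, w in sorted(chosen)
    ]


if __name__ == "__main__":
    print("\n".join(exact_deny_lines(NETWORKS)))
```

Only 201.59.1.0 and 201.63.1.0 differ in a single bit (59 vs 63), so they collapse to one line with wildcard 0.4.0.255; 140 and 161 differ in four bits, so one line covering both would also match fourteen other first-octet values. The greedy selection step does not guarantee a minimum for arbitrary inputs.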



This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:35 GMT-3