Re: Basic Access List Question

From: marc edwards <renorider_at_gmail.com>
Date: Tue, 10 Apr 2012 06:53:18 -0700

An ACL could be applied to an access-class on vty to limit SSH/Telnet access. It
could be applied to a login-block (quiet-mode) for bypassing
timeouts when accessing vty lines. It could be used for multicast RPs. It
could be used to identify addressing that should be NAT'd. It could be used
to capture interesting crypto traffic for a VPN tunnel. I think the list can
continue to grow on the use of ACLs on a router. They are often used for
multiple purposes. We need more detail about the ACL to know if it is being
used or not.

Regards,

Marc

On Tuesday, April 10, 2012, Joe Sanchez wrote:

> An ACL could also be utilized to control the packets that the router is
> generating itself and this would be applied globally. This could be
> done for security reasons.
>
> Regards,
> Joe Sanchez
>
> On Apr 10, 2012, at 1:13 AM, Arista Wirawan <aristaw_at_gmail.com> wrote:
>
> > FYI, an ACL can also be applied in control-plane
> > On Apr 10, 2012 1:56 PM, "Myung-Soo Ko" <bacchus21_at_gmail.com> wrote:
> >
> >> Of course. I know. I'm talking about it from a packet filtering point of
> >> view. I'm not talking about QoS or route-map.
> >>
> >> Regards,
> >> MS
> >>
> >> On Tue, Apr 10, 2012 at 2:42 PM, Shaughn <maniac.smg_at_gmail.com> wrote:
> >>
> >>> Why is that strange?
> >>>
> >>> The ACL could be being used for many other things like QoS classification,
> >>> route-map, etc.
> >>>
> >>> CCIE # 23962 (SP)
> >>>
> >>> Sent from my iPhone
> >>>
> >>> On 10 Apr 2012, at 7:18 AM, Myung-Soo Ko <bacchus21_at_gmail.com> wrote:
> >>>
> >>>> ip access-group 1 in was missing in interface configuration mode.
> >>>>
> >>>> Regards,
> >>>> MS
> >>>>
> >>>> On Tue, Apr 10, 2012 at 2:16 PM, GAURAV MADAN <gauravmadan1177_at_gmail.com> wrote:
> >>>>
> >>>>> What strange thing did you see?
> >>>>>
> >>>>> On Mon, Apr 9, 2012 at 3:08 PM, Myung-Soo Ko <bacchus21_at_gmail.com> wrote:
> >>>>>
> >>>>>> Hello, Group
> >>>>>>
> >>>>>> Sorry for asking such a basic question but I need clarification.
> >>>>>>
> >>>>>> Is it possible to make ACL effective without access-group command?
> >>>>>>
> >>>>>> For example, ACL configuration works in the following way.
> >>>>>>
> >>>>>> access-list 1 permit 192.168.1.0 0.0.0.255
> >>>>>> int fa 0/0
> >>>>>> ip access-group 1 in
> >>>>>>
> >>>>>> For the configuration above, is it possible to make access-list 1 work
> >>>>>> without "ip access-group 1 in"?
> >>>>>>
> >>>>>> I think it's not possible, but I found a strange configuration in a
> >>>>>> production environment.
> >>>>>>
> >>>>>> Thanks in advance,
> >>>>>>
> >>>>>> Regards,
> >>>>>> Myung-Soo
> >>>>>>
> >>>>>>
> >>>>>> Blogs and organic groups at http://www.ccie.net
> >>>>>>
> >>>>>>
> >> _______________________________________________________________________
> >>>>>> Subscription information may be found at:
> >>>>>> http://www.groupstudy.com/list/CCIELab.html

Received on Tue Apr 10 2012 - 06:53:18 ART

This archive was generated by hypermail 2.2.0 : Tue May 01 2012 - 08:20:45 ART
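
The point made across the replies, that an ACL with no `ip access-group` may still be referenced by other commands, as an added example that is not part of the original thread: a Python check that scans an IOS configuration for commands referencing a given ACL and lists ACLs that nothing references. The sample configuration and function names are constructed for illustration, and the pattern list covers only uses named in the thread, so an ACL reported as unreferenced still needs a manual look.

```python
import re

# Constructed sample: ACL 1 has no "ip access-group" yet is in use (NAT).
SAMPLE_CONFIG = """\
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 20 permit 172.16.0.0 0.0.255.255
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface FastEthernet0/1 overload
line vty 0 4
 access-class 10 in
"""

# IOS commands that reference an ACL, limited to uses named in the thread.
PATTERNS = [
    ("interface packet filter", r"ip access-group {acl} (in|out)"),
    ("vty access-class", r"access-class {acl} (in|out)"),
    ("login quiet-mode", r"login quiet-mode access-class {acl}"),
    ("NAT source list", r"ip nat (inside|outside) source list {acl} .+"),
    ("multicast RP group list", r"ip pim rp-address \S+ {acl}( override)?"),
    ("crypto map traffic selector", r"match address {acl}"),
    ("route-map match", r"match ip address (?!prefix-list )(\S+ )*{acl}( \S+)*"),
    ("QoS/control-plane class-map", r"match access-group (name )?{acl}"),
]

def find_acl_uses(config, acl):
    """Return (purpose, section, line) for each command referencing `acl`."""
    name = re.escape(str(acl))
    rules = [(p, re.compile(rx.replace("{acl}", name))) for p, rx in PATTERNS]
    uses, section = [], "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        # An unindented command is global and opens a new section.
        nested = raw[0].isspace()
        if not nested:
            section = line
        uses += [(p, section if nested else "global", line)
                 for p, rx in rules if rx.fullmatch(line)]
    return uses

def unreferenced_acls(config):
    """ACLs that are defined but matched by none of PATTERNS."""
    defs = re.findall(r"^(?:access-list|ip access-list \w+) (\S+)", config, re.M)
    return sorted({a for a in defs if not find_acl_uses(config, a)})
```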