On another note. I suggest logging hits to ACL before removing. This
includes an explicit deny at the end with log. That way you will find out
for sure if it is used or not.
HTH
Marc
On Tue, Apr 10, 2012 at 6:53 AM, marc edwards <renorider_at_gmail.com> wrote:
> ACL could be applied to access class on vty to limit ssh/telnet access. It
> could be applied to a login-block (quiet-mode) for bypassing
> timeouts when accessing vty lines. It could be used for multicast rp's. It
> could be used to identify addressing that should be NAT'd. It could be used
> to capture interesting crypto traffic for a VPN tunnel. I think the list can
> continue to grow on use of ACLs on router. They are used often with
> multiple purpose. We need more detail about the ACL to know if it is being
> used or not.
>
> Regards,
>
> Marc
>
>
> On Tuesday, April 10, 2012, Joe Sanchez wrote:
>
>> An ACL could also be utilized to control the packets that the router is
>> generating itself and this would be applied globally. This could be
>> done for security reasons.
>>
>> Regards,
>> Joe Sanchez
>>
>> On Apr 10, 2012, at 1:13 AM, Arista Wirawan <aristaw_at_gmail.com> wrote:
>>
>> > FYI, ACL can also be applied in control-plane
>> > On Apr 10, 2012 1:56 PM, "Myung-Soo Ko" <bacchus21_at_gmail.com> wrote:
>> >
>> >> Of course. I know. I'm talking about it in a packet filtering point of
>> >> view. I'm not talking about qos or route-map.
>> >>
>> >> Regards,
>> >> MS
>> >>
>> >> On Tue, Apr 10, 2012 at 2:42 PM, Shaughn <maniac.smg_at_gmail.com> wrote:
>> >>
>> >>> Why is that strange?
>> >>>
>> >>> The ACL could be being used for many other things like QOS
>> >>> classification, Route-map etc
>> >>>
>> >>> CCIE # 23962 (SP)
>> >>>
>> >>> Sent from my iPhone
>> >>>
>> >>> On 10 Apr 2012, at 7:18 AM, Myung-Soo Ko <bacchus21_at_gmail.com> wrote:
>> >>>
>> >>>> ip access-group 1 in was missing in interface configuration mode.
>> >>>>
>> >>>> Regards,
>> >>>> MS
>> >>>>
>> >>>> On Tue, Apr 10, 2012 at 2:16 PM, GAURAV MADAN <gauravmadan1177_at_gmail.com> wrote:
>> >>>>
>> >>>>> What strange thing did you see?
>> >>>>>
>> >>>>> On Mon, Apr 9, 2012 at 3:08 PM, Myung-Soo Ko <bacchus21_at_gmail.com> wrote:
>> >>>>>
>> >>>>>> Hello, Group
>> >>>>>>
>> >>>>>> Sorry for asking such a basic question but I need clarification.
>> >>>>>>
>> >>>>>> Is it possible to make ACL effective without access-group command?
>> >>>>>>
>> >>>>>> For example, ACL configuration works in the following way.
>> >>>>>>
>> >>>>>> access-list 1 permit 192.168.1.0 0.0.0.255
>> >>>>>> int fa 0/0
>> >>>>>> ip access-group 1 in
>> >>>>>>
>> >>>>>> For the configuration above, is it possible to make access-list 1
>> >>>>>> work without "ip access-group 1 in"?
>> >>>>>>
>> >>>>>> I think it's not possible, but I found a strange configuration in
>> >>>>>> a production environment.
>> >>>>>>
>> >>>>>> Thanks in advance,
>> >>>>>>
>> >>>>>> Regards,
>> >>>>>> Myung-Soo
>> >>>>>>
>> >>>>>>
>> >>>>>> Blogs and organic groups at http://www.ccie.net
>> >>>>>>
>> >>>>>>
>> >> _______________________________________________________________________
>> >>>>>> Subscription information may be found at:
>> >>>>>> http://www.groupstudy.com/list/CCIELab.html
Received on Tue Apr 10 2012 - 07:23:08 ART
This archive was generated by hypermail 2.2.0 : Tue May 01 2012 - 08:20:45 ART
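
Added example, not part of the original thread: a small Python audit that scans an IOS running-config for the ACL uses named in the replies above (access-group, vty access-class, login quiet-mode, multicast RP, NAT, crypto map, QoS class-map, route-map) and reports ACLs that none of them reference. The sample config and the function names are constructed for illustration, and the pattern list covers only those uses, not every IOS feature that can reference an ACL.

```python
import re

# Constructed sample running-config (not from the thread). As in the original
# question, ACL 1 is defined but no interface has "ip access-group 1 in".
SAMPLE_CONFIG = """\
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 10 permit 10.0.0.0 0.0.0.255
access-list 20 permit 239.0.0.0 0.255.255.255
access-list 99 permit 172.16.0.0 0.0.255.255
login quiet-mode access-class 10
ip pim rp-address 10.255.0.1 20
ip nat inside source list 1 interface FastEthernet0/1 overload
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
!
route-map PBR permit 10
 match ip address 1 20
!
line vty 0 4
 access-class 10 in
"""

# (usage label, regex). Group "acl" captures one or more ACL numbers/names.
PATTERNS = [
    ("interface packet filter", r"ip access-group (?P<acl>\S+) (?:in|out)"),
    ("vty access-class", r"access-class (?P<acl>\S+) (?:in|out)"),
    ("login quiet-mode exemption", r"login quiet-mode access-class (?P<acl>\S+)"),
    ("multicast RP group list", r"ip pim rp-address \S+ (?P<acl>\S+)"),
    ("NAT source list", r"ip nat (?:inside|outside) source list (?P<acl>\S+)"),
    ("crypto map interesting traffic", r"match address (?P<acl>\S+)"),
    ("QoS class-map", r"match access-group (?:name )?(?P<acl>\S+)"),
    ("route-map match", r"match ip address (?!prefix-list)(?P<acl>.+)"),
]

def acl_references(config):
    """Map each referenced ACL to a list of (parent config line, usage)."""
    refs, parent = {}, ""
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            parent = line  # unindented line: global command or section header
        for usage, pattern in PATTERNS:
            m = re.match(pattern, line)
            if m:
                for acl in m.group("acl").split():
                    refs.setdefault(acl, []).append((parent, usage))
    return refs

def unreferenced_acls(config):
    """ACLs that are defined but matched by none of the PATTERNS."""
    defined = set(re.findall(r"^(?:ip access-list \w+|access-list) (\S+)", config, re.M))
    return sorted(defined - set(acl_references(config)))
```

An ACL returned by `unreferenced_acls` is only a candidate for removal; logging hits on it first, as suggested at the top of this message, confirms whether anything still matches it.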