Yeah.... You can have multiple lines in an ACL. The 'any' keyword certainly summarizes but obviously permits MANY more matches than just the loopback and 131.1.12.0/24 network!

ACL and the logic are covered on the DocCD as well. Check out:

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a2.html#wp1013358
http://www.cisco.com/en/US/docs/ios/12_4/secure/configuration/guide/schacls.html

HTH,

Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al.
CCSI/JNCI-M/JNCI-ER
VP - Technical Training - IPexpert, Inc.
IPexpert Sr. Technical Instructor
[EMAIL PROTECTED]
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
http://www.ipexpert.com

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Amir.Tahir/Wateen/Lahore
Sent: Monday, May 12, 2008 12:14 AM
To: [email protected]
Subject: [OSL | CCIE_RS] Extended ACL - Need Help

Hi there,

With reference to the extended access list topic, I would like to clarify a couple of things.

access-list 101 permit ip 131.1.23.0 0.0.0.255 131.1.12.0 0.0.0.255

As per my understanding, the above ACL states that a packet whose source is network "131.1.23.x" with destination address 131.1.12.0/24 could be permitted only. In order to have access to R1's loopback, in addition to the above-mentioned ACL I have to create another access list to permit the loopback's interface, like

access-list 101 permit ip 131.1.23.0 0.0.0.255 1.1.1.0 0.0.0.255

To permit both of the networks in one single line, can I compile them like the following ACL?

access-list 101 permit ip 131.1.23.0 0.0.0.255 any

...Please correct me if I am wrong.

Regards / AT
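
An added example, not part of the original thread: a small Python model of extended-ACL matching (wildcard masks, first match wins, implicit deny) that compares the two-line ACL with the single 'any' line from the messages above. The test packets and helper names are constructed for illustration, and only the 'ip' protocol keyword is modeled.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST' into (action, src, dst)."""
    t = line.split()
    src, rest = _take_addr(t[4:])
    dst, _ = _take_addr(rest)
    return t[2], src, dst

def _hit(spec, addr):
    care = ~spec[1] & 0xFFFFFFFF  # wildcard bit 1 means "don't care"
    return (addr & care) == (spec[0] & care)

def evaluate(acl_lines, src, dst):
    """First match wins; no match falls through to the implicit deny."""
    for line in acl_lines:
        action, s, d = parse_ace(line)
        if _hit(s, _ip(src)) and _hit(d, _ip(dst)):
            return action
    return "deny"

TWO_LINES = [
    "access-list 101 permit ip 131.1.23.0 0.0.0.255 131.1.12.0 0.0.0.255",
    "access-list 101 permit ip 131.1.23.0 0.0.0.255 1.1.1.0 0.0.0.255",
]
ONE_LINE_ANY = ["access-list 101 permit ip 131.1.23.0 0.0.0.255 any"]

# Constructed test packets: (source, destination)
SAMPLES = [("131.1.23.5", "131.1.12.1"), ("131.1.23.5", "1.1.1.1"),
           ("131.1.23.5", "10.0.0.1"), ("131.1.24.5", "1.1.1.1")]

def compare():
    return [(s, d, evaluate(TWO_LINES, s, d), evaluate(ONE_LINE_ANY, s, d))
            for s, d in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print("%-12s -> %-12s two-line=%-6s any=%s" % row)
```

The third sample (destination 10.0.0.1) is the difference: the two-line ACL drops it at the implicit deny, while the 'any' line permits it.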
