Can't think of a reason why you would use the three lines. As far as I know
(unless there are any little tricks or gotchas) this does make the first two
redundant.

Gareth


"Charlie Wehner" wrote in message
news:[EMAIL PROTECTED]
> Two quick questions:
>
> I've configured an access-list to only permit certain tcp and udp ports
> above 1024.  At the end of the access-list I have the following commands:
>
> access-list 101 deny tcp any any log
> access-list 101 deny udp any any log
> access-list 101 deny ip any any log
>
> Question 1:  Do I even need the "deny tcp" and "deny udp" statements since I
> also have a deny ip statement?
>
> Question 2:  When I perform a port scan through the router it logs some of
> the events but it seems to miss the majority of them giving me the following
> error message:
>
> "%SEC-6-IPACCESSLOGRL. access-list logging rate-limited or missed 142
> packets"
>
> Is access-list logging rate-limited by default?  Is there any way for me to
> ensure everything gets logged?  I'm not sure if I understand?
>
> Thanks,
> Charlie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66675&t=66520
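
A simplified Python model of first-match ACL evaluation, added here as an illustration and not part of the original thread: it compares the three-line ending from the question with a lone `deny ip any any log`. The permit ports and sample packets are constructed, since the thread does not list the real ones.

```python
# Simplified model of first-match extended ACL evaluation (not IOS itself).
# Permit ports below are constructed; the thread does not list the real ones.
PERMITS = [("permit", "tcp", 3389), ("permit", "udp", 5060)]
TAIL_THREE = [("deny", "tcp", None), ("deny", "udp", None), ("deny", "ip", None)]
TAIL_ONE = [("deny", "ip", None)]

def entry_matches(entry, packet):
    """An 'ip' entry matches every IP protocol; None means any port."""
    _, proto, port = entry
    pkt_proto, pkt_port = packet
    if proto != "ip" and proto != pkt_proto:
        return False
    return port is None or port == pkt_port

def evaluate(acl, packets):
    """Return (decisions, hits): first matching entry wins, as in an ACL."""
    decisions, hits = [], [0] * len(acl)
    for packet in packets:
        for i, entry in enumerate(acl):
            if entry_matches(entry, packet):
                decisions.append(entry[0])
                hits[i] += 1
                break
        else:
            decisions.append("deny")  # implicit deny at the end of every ACL
    return decisions, hits

# Constructed traffic: (protocol, destination port); ICMP/GRE have no port.
SAMPLE = [("tcp", 3389), ("tcp", 23), ("udp", 5060), ("udp", 161),
          ("icmp", None), ("tcp", 8080), ("gre", None)]

def compare(packets=SAMPLE):
    """Evaluate SAMPLE against both ACL endings and compare the outcomes."""
    three, hits_three = evaluate(PERMITS + TAIL_THREE, packets)
    one, hits_one = evaluate(PERMITS + TAIL_ONE, packets)
    return three == one, hits_three, hits_one

if __name__ == "__main__":
    same, hits_three, hits_one = compare()
    print("same permit/deny decisions:", same)
    print("hits with three deny lines:", hits_three)
    print("hits with one deny line:   ", hits_one)
```

In this model every packet gets the same permit or deny decision with either ending; the only difference is which deny entry records the hit.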