Hi
The basic answer is yes.
The more detailed answer is that ACLs, when edited from the CLI, are handled
in the squenial why, e.g.
permit tcp any any 80
deny ip any any log
permit tcp any any 23
The permit for telnet would be added at the end of the ACL list, and in this
case would be useless becasue of the deny all above it.
To overcome this (IMHO) shortcoming of IOS I use keep a commented copy of
the ACL in a text file. Then when I need to edit the ACL, I edit in my
favority text editor, then remove the ACL from the interface, delete the
ACL, recreate the ACL and reapply it to the interface. The truth be told I
really like this method better, as I can do some very detailed comments
without having to have them take up configuration memory. Memory is
generally not an issue, but I have had the unfortune to work a couple of
5000+ ACLs before which streches the limits of the IOS and config memory.
HTH
--
John Hardman CCNP MCSE+I
"Andy Barkl" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> If you add your own deny all statement at the end of an Access-List, will
> all other statements then be added as well after the deny all?
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
