Cisco access list statements operate in sequential order (from the top
down).  If a packet matches the conditions of one statement, the rest of the
statements in the list are skipped.  Also note there is an implicit deny at
the end of the access list, so if the packet does not match any of the
statements in the list it is dropped.

-- Adam Kaufman

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> [EMAIL PROTECTED]
> Sent: Tuesday, September 28, 1999 7:28 AM
> To: [EMAIL PROTECTED]
> Subject: Slightly OT: Cisco Access Lists
>
>
> I'm modifying the access lists on a couple of my Cisco routers
> and have a question/problem I couldn't locate on the Cisco web
> site.
>
> I'm trying the approach of denying all, and then only allowing the
> ports I need.
>
> Do the access lists read from top down?  i.e. put the allow statements
> first, and then the deny any at the end?  Can you have multiple
> access lists on the same interface?  Which takes precedence when
> there is a conflict?  Is it standard practice to have one access list
> (maybe large) per interface?
>
> Thanks,
>
> John Monahan
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
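
The first-match rule and implicit deny described in the reply above, as an added example that is not part of either poster's message: a simplified Python model of access-list evaluation (not IOS syntax), which also reports statements that can never take effect because an earlier one covers them. The `Statement` fields, function names and sample addresses are assumptions made for this illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network

@dataclass(frozen=True)
class Statement:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", or "ip" (any protocol)
    src: str                     # source network, CIDR
    dst: str                     # destination network, CIDR
    port: Optional[int] = None   # destination port; None = any

    def matches(self, proto, src_ip, dst_ip, dport):
        return (self.proto in ("ip", proto) and self.port in (None, dport)
                and ipaddress.ip_address(src_ip) in net(self.src)
                and ipaddress.ip_address(dst_ip) in net(self.dst))

    def covers(self, other):
        """True if every packet matching `other` also matches this statement."""
        return (self.proto in ("ip", other.proto) and self.port in (None, other.port)
                and net(other.src).subnet_of(net(self.src))
                and net(other.dst).subnet_of(net(self.dst)))

def evaluate(acl, proto, src_ip, dst_ip, dport):
    """Return (action, deciding statement number); number 0 is the implicit deny."""
    for n, st in enumerate(acl, start=1):
        if st.matches(proto, src_ip, dst_ip, dport):
            return st.action, n   # first match decides; later statements are skipped
    return "deny", 0              # nothing matched: implicit deny

def shadowed(acl):
    """List (statement, earlier statement covering it) pairs that can never take effect."""
    found = []
    for j, later in enumerate(acl):
        for i, earlier in enumerate(acl[:j]):
            if earlier.covers(later):
                found.append((j + 1, i + 1))
                break
    return found

# Constructed sample lists using documentation address ranges.
ANY = "0.0.0.0/0"
DENY_FIRST = [Statement("deny", "ip", ANY, ANY),
              Statement("permit", "tcp", ANY, "192.0.2.10/32", 25)]
PERMIT_FIRST = [Statement("permit", "tcp", ANY, "192.0.2.10/32", 25),
                Statement("permit", "tcp", ANY, "192.0.2.20/32", 80)]
```

With `DENY_FIRST` the permit in position 2 is never reached, while `PERMIT_FIRST` needs no explicit deny because unmatched traffic falls through to the implicit one.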
