yes and no - one per protocol, per direction - hence:
interface serial1
ip access-group 101 in
ip access-group 102 out
ipx access-group 801 in
ipx access-group 802 out
would be fine
Andy
- Original Message -
From: "BASSOLE Rock"
To:
Sent: Wednesday, May 02, 2001 3:24 PM
Subject:
No. I don't think so
CM
-Original Message-
From: BASSOLE Rock [mailto:[EMAIL PROTECTED]]
Sent: 02 May 2001 15:24
To: [EMAIL PROTECTED]
Subject: ACL [7:2882]
Hi,
Can we apply more then one ACL per interface?..
Example:
Interface Serial1
ip access-group 102 in
ip access-group 103 out
Only one per interface per protocol per direction.
So, you can have ip and ipx both applied in the inbound and outbound
directions.
-kirk
CCIE #7301
On Wed, 2 May 2001, BASSOLE Rock wrote:
> Hi,
>
> Can we apply more then one ACL per interface?..
>
>
> Example:
>
> Interface Serial1
> ip
You can apply one ACL per interface per direction per protocol.So you
can have more then one ACL on an interface, but each ACL has to be a
different direction and/or protocol from the others.
Brian
At 10:56 AM 5/2/2001 -0400, Charles Manafa wrote:
>No. I don't think so
>
>CM
>
>-Ori
For routers only one ACL can be applied per protocol, per direction, per
(sub) interface.
For switches - same, but check to see if ACL is supported on the interface
and for the protocol.
-Original Message-
From: BASSOLE Rock [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 02, 2001 10:24 A
77056
-Original Message-
From: Charles Manafa [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 02, 2001 9:57 AM
To: [EMAIL PROTECTED]
Subject: RE: ACL [7:2882]
No. I don't think so
CM
-Original Message-
From: BASSOLE Rock [mailto:[EMAIL PROTECTED]]
Sent: 02 May 2001 15:
Why
- Original Message -
From: "BASSOLE Rock"
To:
Sent: Wednesday, May 02, 2001 7:24 AM
Subject: ACL [7:2882]
> Hi,
>
> Can we apply more then one ACL per interface?..
>
>
> Example:
>
> Interface Serial1
> ip access-group 102 in
> ip access-group 103 out
> ip access-group 104 in
> ip
Sent: Wednesday, May 02, 2001 3:19 PM
Subject: Re: ACL [7:2882]
> Why
> - Original Message -
> From: "BASSOLE Rock"
> To:
> Sent: Wednesday, May 02, 2001 7:24 AM
> Subject: ACL [7:2882]
>
>
> > Hi,
> >
> > Can we apply more then one AC
:56 PM
To: [EMAIL PROTECTED]
Subject:Re: ACL [7:2882]
1 reason would be to separate acl's per internal IP address you're
permitting/denying access to. 101=specific IP allowing ftp and http,
102=different IP allowing http only, etc. It would look cleaner anyway
al users should only
have port 80, etc.
I haven't thought this whole thing through yet so bear with me. No coffee
this morning ;)
- Original Message -
From: "Chuck Larrieu"
To: "Allen May" ;
Sent: Wednesday, May 02, 2001 4:03 PM
Subject: RE: ACL [7:2882]
>
ccess-lists might contain hundreds of lines. Imagine troubleshooting
one
> of
> > those suckers!
> >
> > Chuck
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> > Allen May
> > Sent: Wedne
wouldn't that be a resource hog
- Original Message -
From: "Allen May"
To:
Sent: Wednesday, May 02, 2001 1:55 PM
Subject: Re: ACL [7:2882]
> 1 reason would be to separate acl's per internal IP address you're
> permitting/denying access to. 101=sp
r also having
IPSec router to router or PIX to PIX dedicated tunnels.
Seems sadistic that I thought this up but it's actually a project I'm
putting myself through...rofl.
Later
Allen
- Original Message -
From: "Donald B Johnson jr"
To: "Allen May" ;
Sent: T
ccess-lists, each with a different function.
Chuck
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Allen May
Sent: Thursday, May 03, 2001 8:52 AM
To: [EMAIL PROTECTED]
Subject: Re: ACL [7:2882]
I'm sure there are plenty of people who
n.
>
> Chuck
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Allen May
> Sent: Thursday, May 03, 2001 8:52 AM
> To: [EMAIL PROTECTED]
> Subject: Re: ACL [7:2882]
>
> I'm sure there are plenty of people who
15 matches
Mail list logo