RE: what criteria does a access-list use when a there is a contradiction?

IP Access-Lists, or rather Cisco Access-lists in general, are parsed from top to bottom, until a match is found. The criteria used, is "first match". Given your examples: ip access-list 10 deny host 192.168.1.19 ip access-list 10 permit any A packet comes to the list from 10.0.0.1 -- first line

Re: what criteria does a access-list use when a there is a contradiction?

>more specifically with the following: > > >ip access-list 10 deny host 192.168.1.19 >ip access-list 10 permit any >ip access-group 10 in this will deny packets sourced from the host 192.168.1.19 and will allow the rest to pass through ... >I was recently told that the last line overrides any