IP Access-Lists, or rather Cisco Access-lists in general, are parsed from
top to bottom, until a match is found. The criteria used, is "first match".
Given your examples:
ip access-list 10 deny host 192.168.1.19
ip access-list 10 permit any
A packet comes to the list from 10.0.0.1 -- first line
>more specifically with the following:
>
>
>ip access-list 10 deny host 192.168.1.19
>ip access-list 10 permit any
>ip access-group 10 in
this will deny packets sourced from the host 192.168.1.19 and will allow the
rest to pass through ...
>I was recently told that the last line overrides any
2 matches
Mail list logo