ACL Question

In an extended ACL, say you add the line: permit ip any any. Will this allow esp, eigrp, ospf, and all the other protocols that are listed when you use IOS help after typing permit?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

phantasm

I'll take a shot at this question.

Since IP is a layer 2 protocol (Network) and so is OSPF, EIGRP, RIP, BGP, IGRP and so on and so forth; theoretically, yes it would.

I''ll try it when i get home on the lab. But I believe it should.

If I am wrong, someone correct me. Thanks.

rewind

Actually sir, IP is layer 3 and BGP is layer 4.

Thanks for the reply though!

Pash

silentbobby wrote:

Actually sir, IP is layer 3 and BGP is layer 4.

Thanks for the reply though!

I think he got his DoD and OSI model mixed up.

If you do not specify, yes it does allow them all. HTH.

Cheers,

dtlokee

IP is indeed layer 3

If you use a permit ip any any, you're telling the router to allow anything that has an IP header regardless of what's in the header. EIGRP for IP uses IP protocol 88 so it has an IP header therefore it will be allowed.

phantasm

In my own defense, I forgot to count the physical layer since there are no protocols contained within. lol.

tech-airman

silentbobby wrote:

In an extended ACL, say you add the line: permit ip any any. Will this allow esp, eigrp, ospf, and all the other protocols that are listed when you use IOS help after typing permit?

silentbobby,

The answer to your question is the wonderful "it depends."

If you specifically have a "deny" statement prior to the "permit ip any any" statement, then whatever you specifically denied will NOT get through. Whatever wasn't specifically denied WILL get through.

If you specifically have a "deny" statement after the "permit ip any any" statement, then everything will get through because anything matches the statement "any any" therefore will ignore the subsequent "deny" statements.

Then again, unless this ACL is applied to an interface, the ACL won't block anything.

I hope this helps.

rewind

Thank you all so much for your input. I am never let down in this forum

Take care,
Chris