Hi- I know it might sound a silly doubt- but i need to know-ACL

Hi.

I have read about ACL and saw a few videos as well..But got a doubt

My doubt is - "I know there is an implicit DENY ALL statement at the end of all the ACL's . For eg- This is the scenario - i want to restrict only a particular host and should permit only the 2nd and 3 rd ip in tht subnet- and permit every one else- say that restricted ip is 192.168.1.1/24

so according to me , my acl sttmts would be -as ACL is applied from TOP TO BOTTOM

ACL X( The acl number )

"permit 2nd ip of the subnet - wildcard bits
permit 3rd ip of the subnet- wildcard bits
deny 192.168.1.1 0.0.0.0
permit all "

-->>One of my other friend, who is also appearing for the exam, is telling me that the permit all sttmt should be first

"ACL X( The acl number )
permit all
permit 2nd ip of the subnet - wildcard bits
permit 3rd ip of the subnet- wildcard bits
deny 192.168.1.1 0.0.0.0 "

I want to know wat is the correct procedure- Anyone on this forum-Its little urgent- Have my exam on monday ..

Thanks

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

boredgamelad

You're right. In your friend's ACL, every packet would match the "permit" in the first line and the packet would be allowed. None of the other lines would matter because they wouldn't be read.

happyalways

thanks boredgamelad-

also - if i give permit all acl sttmt as the last line in my ACL- does it mean that it negates the deny all sttmt

and then there is no purpose of writing an ACL with just 1 sttmt-permit any any .

Right? ok let me ask again - If i give permit any any- ACL is useless right?

boredgamelad

Sounds to me like you've basically got it.

lantech

It will read the ACLs in the order that you write them. Once it finds a match it then stops reading the ACL and performs the action that is matched. So if your first statement is permit all then everything will be matched and it will stop reading the ACL and let everything through.

Death Dream

lantech wrote: »

It will read the ACLs in the order that you write them. Once it finds a match it then stops reading the ACL and performs the action that is matched. So if your first statement is permit all then everything will be matched and it will stop reading the ACL and let everything through.

Exactly. You shouldn't listen to your friend anymore haha