Hi- I know it might sound a silly doubt- but i need to know-ACL

happyalways

Hi.

I have read about ACL and saw a few videos as well..But got a doubt

My doubt is - "I know there is an implicit DENY ALL statement at the end of all the ACL's . For eg- This is the scenario - i want to restrict only a particular host and should permit only the 2nd and 3 rd ip in tht subnet- and permit every one else- say that restricted ip is 192.168.1.1/24

so according to me , my acl sttmts would be -as ACL is applied from TOP TO BOTTOM

ACL X( The acl number )

"permit 2nd ip of the subnet - wildcard bits
permit 3rd ip of the subnet- wildcard bits
deny 192.168.1.1 0.0.0.0
permit all "

-->>One of my other friend, who is also appearing for the exam, is telling me that the permit all sttmt should be first

"ACL X( The acl number )
permit all
permit 2nd ip of the subnet - wildcard bits
permit 3rd ip of the subnet- wildcard bits
deny 192.168.1.1 0.0.0.0 "

I want to know wat is the correct procedure- Anyone on this forum-Its little urgent- Have my exam on monday ..

Thanks

boredgamelad

You're right. In your friend's ACL, every packet would match the "permit" in the first line and the packet would be allowed. None of the other lines would matter because they wouldn't be read.