RE: Cisco acls

["Ben Nagy" <ben () iagu net>]

That's right.

Also, as you paste in the ACL, the protection is applied incrementally (line
by line). A common mistake is to include a rule in the paste which kills the
connection you are pasting from - leading to "half pasted" ACLs.

I used to create new access lists as a separate number, change the 'ip
access-group blah in' statement on the interface where they are applied,
then delete the old one. Then again that's a while ago now, not sure if
there is a funkier way to do it these days.

Cheers,

ben

> -----Original Message-----
> From: firewall-wizards-admin () honor icsalabs com 
> [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf 
> Of Eric Appelboom
> Sent: Tuesday, March 01, 2005 4:53 PM
> To: firewall-wizards () honor icsalabs com
> Subject: [fw-wiz] Cisco acls
>
>
> Hi,
>
> I would appreciate some comments with regard to the extensive use of
> cisco routers acls
> To protect numerous networks.
>
> My concern is that when someone amends an access-list one generally
> enters, no access-list 177 and
> Then pastes in the new access list. Does this mean that for a 
> period of
> time there is no protection on the
> Network that the acls applies?
>
> Best Regards
> Eric
> MWEB: S.A.'s trusted Internet Service Provider. Just Like that. 
> To join, click here or call 08600 32000. 
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards