Solved

What if ACL is applied to interface and then ACL is deleted

Posted on 2009-04-10
1
402 Views
Last Modified: 2012-05-06
I have not had time to test this so I will just ask the experts.

I was wondering what happens in this scenario:

Extended IP access list 190
    10 permit ip 192.168.0.0 0.1.255.255 any (2 matches)
    20 permit ip 224.0.0.0 15.255.255.255 any
    30 permit ip 192.169.0.0 0.0.255.255 any
    40 deny ip any any log-input (143083 matches)

What happens if this ACL is applied to a VLAN interface and then someone goes and deletes the ACL without taking it out of the access-group on the VLAN interface? Does it automatically deny everything?
0
Comment
Question by:typertec
1 Comment
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 350 total points
ID: 24118155
No, it automatically permits everything but beware that if the access-group is applied to the interface and you go to add the access-list back, after the first line added, all traffic will be denied because of the implicit deny any until you add the rest of the permits.  It is best to remove the access-group from the interface if the list was deleted before adding back.  Once added back, then reapply the list to the interface.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question