access list standard or extended

PeraHoman
Does an access list (standard or extended) need to be assigned on an interface, or can it work "globally" if you create the ACL?  I've seen it on a lot of configs where I work, but I don't see it applied on an interface.
Instructor
Top Expert 2015
Commented:
Correct, it has to be applied somewhere. Not necessarily on an interface (i.e. it's used in a routing distribute list).

It is not unusual to see old ACLs on routers. When I modify an ACL, I do it by creating a new one based on the existing ACL and use a different name (or number). That way, I can quickly roll back should something go sideways. I usually document it with a note to delete after some period of time (anywhere from 1 week to 6 months). But sometimes I forget.
Ian Arakel
Network Lead: Data and Security
Top Expert 2016
Commented:
Hi There,

Access lists can be used in route maps, distribute lists, NATting, etc.
For cleanup's sake, a quarterly review to identify the in-use access lists would be recommended.
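
The periodic review suggested above can be partly scripted. This is an added example, not code from the thread or from any vendor: it scans a constructed IOS-style config for ACL definitions and for the reference sites the answers mention (interface, distribute list, route map, NAT) plus `access-class`, then reports ACLs that nothing references and references to ACLs that are not defined. The function name and the set of reference patterns are assumptions and cover only a subset of IOS syntax.

```python
import re

# Constructed IOS-style running-config excerpt (sample data, not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip access-group EDGE-IN in
router eigrp 100
 distribute-list 10 in
ip nat inside source list 20 interface GigabitEthernet0/0 overload
ip access-list extended EDGE-IN
 permit tcp any host 192.0.2.10 eq 443
ip access-list extended EDGE-IN-OLD
 permit tcp any host 192.0.2.10 eq 80
access-list 10 permit 10.0.0.0 0.0.255.255
access-list 20 permit 10.1.0.0 0.0.0.255
access-list 30 permit 10.2.0.0 0.0.0.255
route-map PBR permit 10
 match ip address 30 EDGE-IN
line vty 0 4
 access-class 40 in
"""

# ACL definitions, and commands that reference an ACL (assumed subset of IOS syntax).
DEFINITION = re.compile(r"^(?:ip access-list (?:standard|extended) (\S+)|access-list (\S+) )")
REFERENCES = [
    ("interface access-group", re.compile(r"^ip access-group (\S+) (?:in|out)")),
    ("distribute-list", re.compile(r"^distribute-list (\S+) (?:in|out)")),
    ("route-map match", re.compile(r"^match ip address ((?!prefix-list).+)")),
    ("NAT source list", re.compile(r"^ip nat (?:inside|outside) source list (\S+)")),
    ("vty access-class", re.compile(r"^access-class (\S+) (?:in|out)")),
]

def audit_acls(config):
    """Return (usage, undefined): references per defined ACL, and names referenced but never defined."""
    usage, refs = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := DEFINITION.match(line):
            usage[m.group(1) or m.group(2)] = []
            continue
        for label, pattern in REFERENCES:
            if m := pattern.match(line):
                for name in m.group(1).split():  # a route-map match may list several ACLs
                    refs.setdefault(name, []).append(label)
    usage = {name: refs.get(name, []) for name in usage}
    return usage, sorted(set(refs) - set(usage))

if __name__ == "__main__":
    usage, undefined = audit_acls(SAMPLE_CONFIG)
    print(usage, "| referenced but undefined:", undefined)
```

An ACL with an empty reference list, such as the leftover rollback copy `EDGE-IN-OLD` in the sample, is a candidate for cleanup only after checking reference sites the patterns do not cover.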
