Users Guide

Table Of Contents
764 Access Control Lists
ACL Configuration Examples
This section contains the following examples:
"Basic Rules" on page 764
"Internal System ACLs" on page 765
"Complete ACL Example" on page 766
"Advanced Examples" on page 770
"Policy-Based Routing Examples" on page 782
Basic Rules
Inbound rule allowing all packets sequenced after all other rules. It is
recommended that the largest possible sequence number be specified with
a permit every rule to ensure that it is the last rule processed in the ACL.
2147483647 permit every
Administrators should be cautious when using the permit every rule in an
access list, especially when using multiple access lists. All packets match a
permit every rule and no further processing is done on the packet. This
means that a permit every match in an access list will skip processing
subsequent rules in the current or subsequent access-lists and allow all
packets not previously denied by a prior rule.
Inbound rule to drop all packets:
As the last rule in a list, this rule is redundant as an implicit “deny every” is
added after the end of the last access-group configured on an interface.
10000 deny every
Administrators should be cautious when using the deny every rule in an
access list, especially when using multiple access lists. When a packet
matches a rule, no further processing is done on the packet. This means
that a deny every match in an access list will skip processing subsequent
rules in the current or subsequent access-lists and drop all packets not
previously allowed by a prior rule.
NOTE: None of these ACL rules are applicable to the OOB interface.