Administrator Guide

Access Control Lists
ACL Configuration Examples
This section contains the following examples:
"Basic Rules"
"Internal System ACLs"
"Complete ACL Example"
"Advanced Examples"
"Policy-Based Routing Examples"
Basic Rules
Inbound rule allowing all packets, sequenced after all other rules. It is
recommended that the largest possible sequence number be specified with
a “permit every” rule to ensure that it is the last rule processed in the ACL.
2147483647 permit every
Administrators should be cautious when using the “permit every” rule in an
access list, especially when using multiple access lists. All packets match a
“permit every” rule and no further processing is done on the packet. This
means that a “permit every” match in an access list will skip processing
subsequent rules in the current or subsequent access lists and allow all
packets not previously denied by a prior rule.
Inbound rule to drop all packets:
As the last rule in a list, this rule is redundant as an implicit “deny every” is
added after the end of the last access-group configured on an interface.
10000 deny every
Administrators should be cautious when using the “deny every” rule in an
access list, especially when using multiple access lists. When a packet
matches a rule, no further processing is done on the packet. This means
that a “deny every” match in an access list will skip processing subsequent
rules in the current or subsequent access lists and drop all packets not
previously allowed by a prior rule.
NOTE: None of these ACL rules are applicable to the OOB interface.
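The first-match behaviour described above, modelled as an added example (not code from this guide or from the switch software). It evaluates a packet against several access lists and reports rules that can never be reached because an earlier "every" rule ends processing. The list names, the "src <cidr>" match form and the sample rules are assumptions of the model, not CLI syntax; the order in which the lists are processed is taken from the input.

```python
import ipaddress

IMPLICIT = ("implicit", 0, "deny")  # implicit "deny every" after the last list

def parse_rule(line):
    """Parse '<seq> permit|deny every' or the model-only '<seq> permit|deny src <cidr>'."""
    seq, action, *match = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in rule: {line!r}")
    if match == ["every"]:
        return int(seq), action, None
    if len(match) != 2 or match[0] != "src":
        raise ValueError(f"unsupported match in rule: {line!r}")
    return int(seq), action, ipaddress.ip_network(match[1])

def load(acls):
    """acls: [(name, [rule lines])] in processing order; rules sorted by sequence number."""
    return [(name, sorted(map(parse_rule, rules), key=lambda r: r[0]))
            for name, rules in acls]

def evaluate(acls, src):
    """Return (list name, sequence number, action) of the first rule that matches src."""
    addr = ipaddress.ip_address(src)
    for name, rules in load(acls):
        for seq, action, net in rules:
            if net is None or addr in net:
                return name, seq, action  # first match ends all processing
    return IMPLICIT

def unreachable_rules(acls):
    """Return (list name, seq, terminating rule) for rules after an 'every' rule."""
    dead, terminator = [], None
    for name, rules in load(acls):
        for seq, action, net in rules:
            if terminator:
                dead.append((name, seq, terminator))
            elif net is None:
                terminator = (name, seq, action)
    return dead

# Constructed sample: two access lists on one interface, processed in this order.
SAMPLE = [
    ("acl-a", ["10 deny src 192.0.2.0/24", "2147483647 permit every"]),
    ("acl-b", ["10 deny src 198.51.100.0/24", "10000 deny every"]),
]

if __name__ == "__main__":
    print([evaluate(SAMPLE, s) for s in ("192.0.2.7", "198.51.100.9")])
    print(unreachable_rules(SAMPLE))
```

In the sample, the deny for 198.51.100.0/24 in the second list is never evaluated, because the "permit every" at the end of the first list has already matched the packet.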