Applying multiple access lists to an interface


(Donald S) #1

If I want to apply 2 different access lists to my outside interface inbound, i.e. access lists 110 and 111, do I have to combine them into 1 access list or choose the one I want to apply?

From my understanding you can only have 1 access-list per direction, per interface, per protocol. This means I can have 2 access lists: 1 inbound and 1 outbound. Both can’t be in the same direction.


(Rene Molenaar) #2

That’s right, you can have one inbound and one outbound access-list but that’s it. If you want access-list 110 and 110 in the same direction then you will have to combine them.


(Donald S) #3

OK. Got it. I will combine them into 1 inbound access list.

Thanks.


(Donald S) #4

I believe I see my error. I think I need to explicitly allow internal traffic:
permit ip any <local networks> <local networks wildcard>


(Rene Molenaar) #5

On Cisco IOS, access-lists always have an “explicit deny” at the bottom. It’s invisible but it’s there. If you don’t permit something, it will always be denied.
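
The following is an added example, not code from any poster in this thread. It is a simplified Python model of first-match evaluation, showing why the order of entries matters when two lists are combined into one and how the invisible deny at the bottom from post #5 catches everything that is not permitted. All entries and addresses are constructed (documentation ranges), and CIDR prefixes stand in for wildcard masks.

```python
import ipaddress

# Constructed sample entries; the thread does not show the contents of 110 or 111.
# Entry layout: (action, protocol, source, destination, destination port or None)
ACL_110 = [
    ("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),
    ("deny", "ip", "203.0.113.0/24", "0.0.0.0/0", None),
]
ACL_111 = [
    ("permit", "tcp", "203.0.113.0/24", "192.0.2.20/32", 22),
    ("permit", "icmp", "0.0.0.0/0", "192.0.2.0/24", None),
]


def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, or deny if none match."""
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto not in ("ip", proto):  # "ip" matches any protocol
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(a_src):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(a_dst):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action  # evaluation stops at the first match
    return "deny"  # the invisible deny at the bottom of every list


# Appending 111 after 110 puts 110's broad deny ahead of 111's SSH permit.
MERGED_NAIVE = ACL_110 + ACL_111
# Placing the specific permits first keeps that SSH permit reachable.
MERGED_ORDERED = [ACL_110[0], ACL_111[0], ACL_110[1], ACL_111[1]]

if __name__ == "__main__":
    ssh = ("tcp", "203.0.113.5", "192.0.2.20", 22)
    print("111 alone     :", evaluate(ACL_111, *ssh))
    print("naive merge   :", evaluate(MERGED_NAIVE, *ssh))
    print("ordered merge :", evaluate(MERGED_ORDERED, *ssh))
    print("unlisted UDP  :", evaluate(MERGED_ORDERED, "udp", "198.51.100.7", "192.0.2.10", 53))
```

Even in the ordered merge, ICMP from 203.0.113.0/24 is denied by the entry taken from 110, so a combined list should be re-checked against the traffic each original list was written to allow.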