The Implicit Deny Any

This article briefly discusses the implicit deny any. The previous article covered Verifying the VTY Port is Secured.

A single-entry ACL with only one deny entry has the effect of denying all traffic. At least one permit ACE must be configured in an ACL or all traffic is blocked.

The 'implicit deny' security stance treats everything not given specific and selective permission as suspicious. Network boundaries that follow an implicit deny concept allow only specific IP addresses and/or service ports while blocking all others.

Applying either ACL 1 or ACL 2 to the S0/0/0 interface of R1 in the outbound direction will have the same effect. Network 192.168.10.0 will be permitted to access the networks reachable through S0/0/0, while 192.168.11.0 will not be allowed to access those networks. In ACL 1, if a packet does not match the permit statement, it is discarded.
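
The first-match evaluation with the implicit deny at the end can be modelled in a few lines. This is an added example, not part of the original article: the page does not list the entries of ACL 1 and ACL 2, so the ACEs below are assumed from its description (a /24 wildcard mask of 0.0.0.255, with ACL 2 adding an explicit deny any), and the deny-only ACL and the source addresses are constructed.

```python
import ipaddress

def matches(src, network, wildcard):
    """Cisco-style match: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == \
           (int(ipaddress.IPv4Address(network)) & care)

def evaluate(acl, src):
    """Return (action, reason) for a source address against a standard ACL.

    ACEs are checked top-down and the first match wins. If nothing matches,
    the implicit 'deny any' that ends every ACL applies.
    """
    for index, (action, network, wildcard) in enumerate(acl, start=1):
        if matches(src, network, wildcard):
            return action, f"ACE {index}"
    return "deny", "implicit deny any"

ANY = ("0.0.0.0", "255.255.255.255")  # 'any' = every bit ignored

# Assumed entries: the article describes these ACLs but does not list them.
ACL_1 = [("permit", "192.168.10.0", "0.0.0.255")]
ACL_2 = [("permit", "192.168.10.0", "0.0.0.255"), ("deny", *ANY)]
# Constructed: a single deny ACE with no permit ACE at all.
DENY_ONLY = [("deny", "192.168.11.0", "0.0.0.255")]

SOURCES = ["192.168.10.10", "192.168.11.10", "10.1.1.1"]  # constructed hosts

def decisions(acl, sources):
    """Map each source address to the action the ACL takes on it."""
    return {src: evaluate(acl, src)[0] for src in sources}

if __name__ == "__main__":
    for name, acl in [("ACL 1", ACL_1), ("ACL 2", ACL_2), ("deny-only", DENY_ONLY)]:
        for src in SOURCES:
            action, reason = evaluate(acl, src)
            print(f"{name:9} {src:15} {action:6} ({reason})")
```

ACL 1 and ACL 2 reach identical decisions; only the entry credited with the drop differs, which is why an explicit deny any is sometimes added when per-entry match counts for denied traffic are wanted.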
