Have some specific questions about EXOS ACLs I am hoping someone can help with:
Dynamic and Policy ACLs - do these have an Explicit Deny or Permit at the end of each? I know I can create either / or but not sure what the default process is and if it's the same for each type?
If I create a Policy ACL with just an 'if' statement and NO match condition, i.e. 'match all', would it still match all elements in the statement like Source Address, Protocol and Port Number?
What's the main difference and reasons for creating ACLs as a policy rather than Dynamic and vice versa? Here are some that I can think of:
With a Policy ACL you can edit the rule, i.e. if you wanted to add a count to a rule, as opposed to a Dynamic ACL, where you would have to remove the ACL and re-add it amended.
Dynamic ACLs help if you are used to writing them directly in the command line.
With Dynamic ACLs you can re-use rules per individual rule.
With Policy ACLs you can apply many rules at once with a single command.
Also, don't confuse ACLs with Policies (Routing Policies). They share the same syntax pre-processor, but behave slightly differently, while Routing Policies do have a "match any" that is not available to ACLs.