
Access-list / Access-group Questions?


userice

Technical User
Oct 24, 2002
78
US
If I entered access-list commands but didn't enter the access-group command, would the access-list work? For example: I enter "access-list 100 permit tcp any interface outside eq ftp", but I didn't enter "access-group 100 in interface outside". Would the access-list take effect?

If I enter "access-group 100 in interface outside" without entering any access-list 100 ... Would it give me the following errors?

Result of firewall command: "access-group 100 in interface outside"

ERROR: access-list <100> does not exist
Usage: [no] access-group <access-list> in interface <if_name> [per-user-override]
Command failed

Thank you
 
You can create all the access lists you want. They will not do a thing till you apply them to an interface or use them otherwise (VPN, NAT 0, capture, authentication trigger, etc.).

For the second question: yes, if you try to apply an access list that does not exist, you will get that error; it is telling you that it does not exist.

Hint: name your list so it makes sense as to what it is when you read it. As in, call your group outside or something like that.
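
The two cases discussed in this thread can be checked offline against a saved configuration. The script below is an added example, not part of the original posts: it reports access lists that are defined but never applied, and access-group lines that point at a list that does not exist. The sample configuration and its list names are constructed, and the reference patterns for other uses cover only the "access-list <name>" and "match address <name>" forms.

```python
import re

# Constructed sample configuration; only the "100" lines come from the thread.
SAMPLE_CONFIG = """\
access-list 100 permit tcp any interface outside eq ftp
access-list outside_in permit tcp any interface outside eq www
access-list nonat permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list old_rules permit ip any any
access-group outside_in in interface outside
access-group dmz_in in interface dmz
nat (inside) 0 access-list nonat
"""

ACL_DEF = re.compile(r"^access-list\s+(\S+)\s+")
ACL_BIND = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")
# Uses other than access-group (assumed forms: NAT 0, capture, crypto map).
ACL_REF = re.compile(r"\b(?:access-list|match address)\s+(\S+)")

def audit_acls(config_text):
    """Classify every ACL name by whether anything actually uses it."""
    defined, bindings, referenced = set(), {}, set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "!:":      # skip blanks and comment lines
            continue
        m = ACL_DEF.match(line)
        if m:                                 # a rule belonging to a list
            defined.add(m.group(1))
            continue
        m = ACL_BIND.match(line)
        if m:                                 # list applied to an interface
            bindings.setdefault(m.group(1), []).append(m.group(2))
            continue
        referenced.update(ACL_REF.findall(line))
    return {
        "bound": {n: i for n, i in bindings.items() if n in defined},
        "dangling": sorted(n for n in bindings if n not in defined),
        "other_use": sorted((referenced & defined) - set(bindings)),
        "inactive": sorted(defined - set(bindings) - referenced),
    }

if __name__ == "__main__":
    for category, names in audit_acls(SAMPLE_CONFIG).items():
        print(f"{category}: {names}")
```

Lists reported as "inactive" filter nothing, which matters when a rule set was written to restrict traffic and the access-group line was never entered.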

 