Access List For A Dummy 1

Status
Not open for further replies.

simac10

ISP
Joined
Aug 19, 2005
Messages
2
Location
GB
With access lists, how are they applied to the interface? I understand they can be both inbound and outbound, but surely outbound for, say, an Ethernet interface can be out to the internal network and out to the WAN side network?

So are the access lists applied out on both sides?

Sorry if this sounds muddled but this is my problem with access lists.
 
Hi,

Don't think of the application of an access list from the perspective of a router, but of the interface. I.e., if you have an inbound access list on the internal Ethernet interface, then it will only check for traffic coming into that interface. It will then route normally and exit the other interfaces.

Again, imagine a router with a Fast Ethernet interface and a serial interface going to the internet, and you have a packet being sourced from the internal LAN to the internet, and also you have an access list applied IN to the Ethernet interface and OUT on the serial. The packet will be checked as it goes IN the Ethernet interface and checked as it goes OUT the serial; however, the reply packet will not be checked, as no access list is applied IN the serial interface and OUT the Ethernet.

Hope this makes sense. P.S. The above example in the real world would be the other way round.

LEEroy
MCNE6,CCNA2,CWNA, Project+
 
Thank you. Just to clarify: a packet bound for the internet would move IN the Ethernet and OUT the serial, and the returning packet would move IN the serial and OUT the Ethernet back to your PC.
 
Correct. Assuming you have two interfaces, putting an ACL inbound on one interface is much the same as putting it outbound on the other. A good thing about inbound ACLs is that they protect the router itself as well as the hosts beyond it.

Outbound ACLs are really useful if you have several interfaces, and wish to protect hosts on one of the segments against the others. In this case, an outbound ACL on the protected segment would be simpler to maintain than multiple inbound ACLs on the others.
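
The behaviour described across this thread, as an added example that is not part of the original posts: a small Python model of a two-interface router with an ACL bound IN on the Ethernet interface and OUT on the serial interface. The interface names (`eth0`, `ser0`), the addresses and the single permit rule are constructed for illustration.

```python
# Minimal model of per-interface, per-direction ACL checks on a router.
# Interface names, addresses and the ACL rule are constructed for illustration.
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # constructed inside network
ROUTER_ADDRS = {ip_address("192.168.1.1"), ip_address("203.0.113.1")}

def permit_lan_source(src, dst):
    """ACL: permit only packets sourced from the LAN (implicit deny otherwise)."""
    return src in LAN

# ACLs bound as (interface, direction) -> rule, as in the thread's scenario:
# IN on the Ethernet interface and OUT on the serial interface.
BINDINGS = {("eth0", "in"): permit_lan_source,
            ("ser0", "out"): permit_lan_source}

def egress_for(dst):
    """Toy routing table: LAN destinations leave eth0, everything else ser0."""
    return "eth0" if dst in LAN else "ser0"

def forward(src, dst, ingress, bindings=BINDINGS):
    """Return (delivered, checks); checks lists each ACL evaluation made."""
    src, dst = ip_address(src), ip_address(dst)
    checks = []
    rule = bindings.get((ingress, "in"))
    if rule:
        ok = rule(src, dst)
        checks.append((ingress, "in", ok))
        if not ok:
            return False, checks
    if dst in ROUTER_ADDRS:
        # Packet is for the router itself: it never leaves an interface,
        # so only an inbound ACL could have filtered it.
        return True, checks
    egress = egress_for(dst)
    rule = bindings.get((egress, "out"))
    if rule:
        ok = rule(src, dst)
        checks.append((egress, "out", ok))
        if not ok:
            return False, checks
    return True, checks

if __name__ == "__main__":
    print(forward("192.168.1.10", "198.51.100.7", "eth0"))  # request: checked twice
    print(forward("198.51.100.7", "192.168.1.10", "ser0"))  # reply: no ACL on its path
    print(forward("198.51.100.7", "203.0.113.1", "ser0"))   # addressed to the router
```

Passing a different `bindings` dict, for example one with only `("eth0", "out")`, shows that an outbound ACL never sees packets addressed to the router itself.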
 