nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Confused on ACLs

mrj

Hey guys,

I've got a mental block when it comes to ACLs. Just a few questions;

diagram--

{internet}

s0(router1)fa0/0----fa0/0[switch1]e0

!pc1!

Say I want to block PC1 from reaching the internet. Do I put an IN access list on the fa0/0 port, or do I put an OUT access list on the s0 port?

Or do I put an OUT access list on fa0/0?

This is my worst subject by far, I don't feel like any of my materials have explained ACLs well at all

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

shednik

I would place the ACL on S0/0 and on traffic going out...

dtlokee

Why not put it inbound on the router' Fa0/0 port, that way you drop it before it gets routed.

Kcolon1

If it's a standard ACL - it's best to put it on the devide closest to the destination. - I just read that 10 minutes ago on the Sybex 640-802 book lol.

larkspur

for directional puposes i usually look at it as if I was in the router and then use the appropraite acl.

my 2 cents

r_durant

Agreed...

dtlokee wrote:

Why not put it inbound on the router' Fa0/0 port, that way you drop it before it gets routed.

It probably wont be a standard if it's blocking www (specific) traffic...

Kcolon1 wrote:

If it's a standard ACL - it's best to put it on the devide closest to the destination. - I just read that 10 minutes ago on the Sybex 640-802 book lol.