Confused on ACLs

mrj Member Posts: 85
Hey guys,

I've got a mental block when it comes to ACLs. Just a few questions:

diagram--

{internet}
s0(router1)fa0/0----fa0/0[switch1]e0
!pc1!



Say I want to block PC1 from reaching the internet. Do I put an IN access list on the fa0/0 port, or do I put an OUT access list on the s0 port?

Or do I put an OUT access list on fa0/0?

This is my worst subject by far. I don't feel like any of my materials have explained ACLs well at all.

Comments

  • shednik Member Posts: 2,005
    I would place the ACL on S0/0 and on traffic going out...
  • dtlokee Member Posts: 2,378
    Why not put it inbound on the router's Fa0/0 port? That way you drop it before it gets routed.
    The only easy day was yesterday!
  • Kcolon1 Member Posts: 36
    If it's a standard ACL, it's best to put it on the device closest to the destination. I just read that 10 minutes ago in the Sybex 640-802 book lol.
  • larkspur Member Posts: 235
    For directional purposes I usually look at it as if I was in the router and then use the appropriate ACL.

    my 2 cents
    just trying to keep it all in perspective!
  • r_durant Member Posts: 486
    Agreed...
    dtlokee wrote:
    Why not put it inbound on the router's Fa0/0 port? That way you drop it before it gets routed.


    It probably won't be a standard if it's blocking www (specific) traffic... :)
    Kcolon1 wrote:
    If it's a standard ACL, it's best to put it on the device closest to the destination. I just read that 10 minutes ago in the Sybex 640-802 book lol.
    CCNA (Expired...), MCSE, CWNA, BSc Computer Science
    Working on renewing CCNA!
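
The two placements debated in this thread, written out as Cisco IOS configuration. This is an added example, not from any poster: PC1's address 192.168.1.10 and the ACL numbers 10 and 110 are constructed for illustration, and the interface names follow the diagram (s0, fa0/0).

```cisco
! Constructed example: PC1 is assumed to be 192.168.1.10 on the Fa0/0 LAN.
! Apply ONE of the two options, not both.
!
! Option A: standard ACL (matches source address only), outbound on s0.
! PC1's traffic is routed first, then dropped as it leaves toward the internet.
access-list 10 deny host 192.168.1.10
access-list 10 permit any
!
interface Serial0
 ip access-group 10 out
!
! Option B: extended ACL (source and destination), inbound on Fa0/0.
! PC1's packets are dropped on arrival, before the routing lookup.
! In this two-interface diagram everything beyond Fa0/0 is the internet,
! so "any" is an adequate destination.
access-list 110 deny ip host 192.168.1.10 any
access-list 110 permit ip any any
! To block only web traffic instead of everything, the deny line would be:
!   access-list 110 deny tcp host 192.168.1.10 any eq www
!
interface FastEthernet0/0
 ip access-group 110 in
!
! Every ACL ends with an implicit "deny any", so the explicit permit line
! is what lets the other hosts through.
```

`show ip interface FastEthernet0/0` reports which ACL is applied in each direction, and `show access-lists` lists the match counters for each line.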