access lists in or out
liven
Member Posts: 918
in CCNA & CCENT
ok...
Sorry for all the stupid questions. But I am getting close to my test date (21st) and trying to iron all the stuff out.
Ok I feel pretty good about access lists... My main study material is the Lammle book... Well seems like he usually wants to apply access lists in an outbound direction. I am struggling to find too many examples when he places them inbound....
Standard access lists are placed as close to destination as possible and extended as close to source as possible...
So if you were trying to block traffic into a particular network connected to E0 on a router, and the traffic to block is entering the router on E1, doesn't it make sense to put the ACL inbound on E1?
Thanks all
encrypt the encryption, never mind my brain hurts.
Comments
-
liven Member Posts: 918
man I feel kinda dumb....
I guess with the rule:
standard goes as close to the destination as possible... It would make sense to put it outbound on the exit interface heading to the destination network....
I guess I have been studying too much and simple things are starting to elude me....
I hate it when I can't see things that are simple, or get things wrong that I already know...
But this darn test makes me keep second guessing myself.
Hopefully it will get better, still got about 10 days left.
encrypt the encryption, never mind my brain hurts.
-
Essendon Member Posts: 4,546
Access-lists are one of my favorite topics....
Just before I forget this, remember to study access-lists for controlling telnet access, I mean the command access-class 1 in. Also study what named access-lists can do that numbered cannot do. I got 5 questions on ACL's on my test. Always remember that there is an implied deny statement at the end. So everything gets denied in the absence of a permit ip any any.
The books usually place access-lists outbound at the interfaces, so that you don't accidentally BLOCK out traffic that you intended to pass. So placing access-lists outbound only allows traffic to some destinations and denies traffic to other destinations.
-
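The placement question raised in this thread, as an added example that is not part of any poster's message: a simplified Python model (not IOS itself) of first-match ACL evaluation with the implicit deny, comparing three placements. The addressing, the third interface S0 and all function names are constructed for illustration.

```python
import ipaddress

# Constructed topology: E0 = protected network, E1 = where the unwanted
# traffic enters, S0 = a third network so over-blocking becomes visible.
ROUTES = {"E0": "172.16.10.0/24", "E1": "172.16.20.0/24", "S0": "172.16.30.0/24"}

def matches(net, addr):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def acl_permits(acl, src, dst):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, src_net, dst_net in acl:
        if matches(src_net, src) and matches(dst_net, dst):
            return action == "permit"
    return False

def egress(dst):
    """Pick the exit interface whose connected network contains dst."""
    return next(i for i, n in ROUTES.items() if matches(n, dst))

def forward(src, dst, in_if, applied):
    """applied maps (interface, direction) -> ACL. True if the packet gets through."""
    for key in ((in_if, "in"), (egress(dst), "out")):
        if key in applied and not acl_permits(applied[key], src, dst):
            return False
    return True

# Standard ACL: can only match on source (destination column is always "any").
STANDARD = [("deny", "172.16.20.0/24", "any"), ("permit", "any", "any")]
# Extended ACL: matches on source and destination.
EXTENDED = [("deny", "172.16.20.0/24", "172.16.10.0/24"), ("permit", "any", "any")]

PLACEMENTS = {
    "standard, in on E1": {("E1", "in"): STANDARD},    # near the source
    "standard, out on E0": {("E0", "out"): STANDARD},  # near the destination
    "extended, in on E1": {("E1", "in"): EXTENDED},    # near the source
}

def outcomes(applied):
    host = "172.16.20.5"  # constructed host behind E1
    return {
        "E1->E0": forward(host, "172.16.10.9", "E1", applied),
        "E1->S0": forward(host, "172.16.30.9", "E1", applied),
    }

if __name__ == "__main__":
    for name, applied in PLACEMENTS.items():
        print(f"{name:20} {outcomes(applied)}")
```

A standard ACL applied inbound on E1 also cuts E1 off from S0, because it cannot name a destination; outbound on E0, or an extended ACL inbound on E1, blocks only the intended flow.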
finity Member Posts: 1
Be very careful with where you put the access list - on my CCNA I was going to place outbound s0 but when I reread it I realized it was inbound e0 - wish I could remember the question better but it wasn't intuitive the way it often is - also don't make my stupid mistake of not being familiar with switch commands - you should be able to answer questions about a topology from a switch telnet session - I passed but with 15 seconds to spare. Good luck
Help Jane, stop this crazy thing!
-
APA Member Posts: 959
Put your mind inside the router and vision where the traffic is coming in from and where it will be going out this will help you really nail where you need to place your standard or extended ACL's
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP
-
r_durant Member Posts: 486
A.P.A wrote:
Put your mind inside the router and vision where the traffic is coming in from and where it will be going out this will help you really nail where you need to place your standard or extended ACL's
Agreed!! Can't go wrong there...
CCNA (Expired...), MCSE, CWNA, BSc Computer Science
Working on renewing CCNA!
-
Crunchyhippo Member Posts: 389
A.P.A wrote:
Put your mind inside the router and vision where the traffic is coming in from and where it will be going out this will help you really nail where you need to place your standard or extended ACL's
I see you're working on CCNP; are you doing this self-study or in a class setting? Are you finding it easier or more difficult than you had imagined? I'm actually doing the CCVP track myself and was just curious as to how the CCNP went. Thanks.
"Computers in the future may weigh no more than 1.5 tons." - Popular Mechanics, 1949
-
hectorjhrdz Member Posts: 127
yep, sometimes the data flow requirements make you avoid the rule:
Standard ACL > Destination
Extended ACL > Source
so that "rule" is only a recommendation. Try, as A.P.A. wrote, to figure the scenario out as if you were the router.
best regards
-
tech-airman Member Posts: 953
hectorjhrdz wrote:
yep, sometimes the data flow requirements make you avoid the rule:
Standard ACL > Destination
Extended ACL > Source
so that "rule" is only a recommendation. Try, as A.P.A. wrote, to figure the scenario out as if you were the router.
best regards
hectorjhrdz,
Actually it's the other way around:
- Standard ACL filters by Source
- Extended ACL may filter by Source, Destination, Protocol, and Port
-
Paul Boz Member Posts: 2,620
liven wrote:
man I feel kinda dumb....
I guess with the rule:
standard goes as close to the destination as possible... It would make sense to put it outbound on the exit interface heading to the destination network....
I guess I have been studying too much and simple things are starting to elude me....
I hate it when I can't see things that are simple, or get things wrong that I already know...
Don't get down on yourself. If you've never seen this material before now and you can understand the mistake you made you're doing better than most! A lot of the stuff involved in routing and switching is complex and new to people when they first see it so it just takes some time for it all to gel together.
Crunchyhippo wrote:
A.P.A wrote:
Put your mind inside the router and vision where the traffic is coming in from and where it will be going out this will help you really nail where you need to place your standard or extended ACL's
I see you're working on CCNP; are you doing this self-study or in a class setting? Are you finding it easier or more difficult than you had imagined? I'm actually doing the CCVP track myself and was just curious as to how the CCNP went. Thanks.
It's significantly more intense than the pursuit of the CCNA. Looking back now, the CCNA was pretty insignificant compared to the sheer volume of information the CCNP requires you to digest and understand.
How's the CCVP?
CCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC | GCFW | GCIH | GCIA
pbosworth@gmail.com
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/
-
r_durant Member Posts: 486
tech-airman wrote:
hectorjhrdz wrote:
yep, sometimes the data flow requirements make you avoid the rule:
Standard ACL > Destination
Extended ACL > Source
so that "rule" is only a recommendation. Try, as A.P.A. wrote, to figure the scenario out as if you were the router.
best regards
hectorjhrdz,
Actually it's the other way around:
- Standard ACL filters by Source
- Extended ACL may filter by Source, Destination, Protocol, and Port
tech-airman,
I could be wrong, but I think hectorjhrdz is referring to the rule about where to put the acl, at least that's how I understand it...not what the ACL's filter by...but I guess hectorjhrdz can clear that up...
CCNA (Expired...), MCSE, CWNA, BSc Computer Science
Working on renewing CCNA!
-
hectorjhrdz Member Posts: 127
yep, r_durant.
I meant about the allocation of ACLs tech-airman.
cheers