quick access list question (im rusty)

rakem Member Posts: 800
Hi guys,


I'm setting a couple of access lists at work and I'm just a bit rusty on the actual placement of the ACLs.

I seem to remember a statement from some text book saying something like "one ACL per interface per protocol per direction" or something.


So is it wrong to put an inbound and outbound access list on one interface?
CCIE# 38186
showroute.net

Comments

  • Slowhand Mod Posts: 5,161
    Nope, it's not wrong to put one inbound and one outbound ACL on the same interface (in most cases). Take a look at this article for a better description of how to use and apply ACLs:
    Applying Access Lists to Interfaces
    For some protocols, you can apply up to two access lists to an interface: one inbound access list and one outbound access list. With other protocols, you apply only one access list which checks both inbound and outbound packets.

    If the access list is inbound, when the router receives a packet, the Cisco IOS software checks the access list's criteria statements for a match. If the packet is permitted, the software continues to process the packet. If the packet is denied, the software discards the packet.

    If the access list is outbound, after receiving and routing a packet to the outbound interface, the software checks the access list's criteria statements for a match. If the packet is permitted, the software transmits the packet. If the packet is denied, the software discards the packet.

    Free Microsoft Training: Microsoft Learn
    Free PowerShell Resources: Top PowerShell Blogs
    Free DevOps/Azure Resources: Visual Studio Dev Essentials

    Let it never be said that I didn't do the very least I could do.
  • tech-airman Member Posts: 953
    rakem wrote:
    Hi guys,


    I'm setting a couple of access lists at work and I'm just a bit rusty on the actual placement of the ACLs.

    I seem to remember a statement from some text book saying something like "one ACL per interface per protocol per direction" or something.


    So is it wrong to put an inbound and outbound access list on one interface?

    rakem,

    Sometimes, the answer is staring you right in the face. As you mentioned "one ACL per interface per protocol per direction." So an inbound ACL is DIFFERENT from an outbound ACL. That means you can apply one ACL in the inbound direction and apply a separate ACL in the outbound direction on the same interface.

    I hope this helps.
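    Putting Slowhand's description of inbound/outbound processing and tech-airman's "one ACL per interface per protocol per direction" rule into an actual configuration. This is an added example, not configuration posted by anyone in the thread; the router, interface names, addresses (RFC 5737 203.0.113.0/30 and a hypothetical 192.168.10.0/24 LAN) and ACL names are all assumptions chosen for illustration.

    ```cisco
    ! Added example (not from the thread). Assumed router with a LAN of
    ! 192.168.10.0/24 behind it and a WAN uplink on GigabitEthernet0/1.
    !
    ! Inbound ACL: checked when a packet ARRIVES on Gi0/1, before routing.
    ip access-list extended WAN-IN
     remark Return traffic for TCP sessions the LAN initiated
     permit tcp any 192.168.10.0 0.0.0.255 established
     remark Inbound HTTPS to one published host (hypothetical address)
     permit tcp any host 192.168.10.80 eq 443
     remark Every ACL ends in an implicit deny; make it explicit and log it
     deny   ip any any log
    !
    ! Outbound ACL: checked after routing, as the packet LEAVES Gi0/1.
    ip access-list extended WAN-OUT
     remark Keep SMB from leaving the site
     deny   tcp 192.168.10.0 0.0.0.255 any eq 445
     remark Only our own LAN range may egress (drops spoofed sources)
     permit ip 192.168.10.0 0.0.0.255 any
    !
    ! Both directions on the SAME interface: one "in", one "out".
    interface GigabitEthernet0/1
     description WAN uplink
     ip address 203.0.113.2 255.255.255.252
     ip access-group WAN-IN in
     ip access-group WAN-OUT out
    !
    ! What the "one per direction" rule forbids: a second IPv4 ACL in the
    ! same direction does not stack, it silently REPLACES the first one.
    ! interface GigabitEthernet0/1
    !  ip access-group SOME-OTHER-ACL in   <- would replace WAN-IN
    ```

    Two practitioner caveats that the thread's quoted doc text implies but does not spell out: every IOS ACL ends with an implicit deny, so an ACL containing only permit statements still drops everything it does not match once it is applied; and an outbound ACL filters only transit traffic, not packets the router itself originates. After applying, `show ip interface GigabitEthernet0/1` should list WAN-IN as the inbound access list and WAN-OUT as the outgoing one, and `show ip access-lists` shows per-entry match counters for confirming that traffic is hitting the lines you expect.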
  • rakem Member Posts: 800
    tech-airman wrote:
    That means you can apply one ACL in the inbound direction and apply a separate ACL in the outbound direction on the same interface.

    yep cool.

    thanks
    CCIE# 38186
    showroute.net