ACL clarification

phoeneous Member Posts: 2,333
If I apply the following ACL outbound on R2's s0/0 interface, does it mean that only hosts from 192.168.12.193 - 192.168.12.222 in R2's LAN subnet would be permitted to any destination that is between 192.168.13.193 - 192.168.12.206 in R3's LAN subnet?

access-list 104 permit ip 192.168.12.192 0.0.0.31 192.168.13.192 0.0.0.15


[192.168.12.202/27]---fa0/0 R2 s0/0
<wan>
s0/0 R3 fa0/0---[192.168.13.203/28]

Comments

  • kryolla Member Posts: 785
    phoeneous wrote: »
    If I apply the following ACL outbound on R2's s0/0 interface, does it mean that only hosts from 192.168.12.129 - 192.168.12.158 in R2's LAN subnet would be permitted to any destination that is between 192.168.13.193 - 192.168.12.206 in R3's LAN subnet?

    access-list 104 permit ip 192.168.12.192 0.0.0.31 192.168.13.192 0.0.0.15


    [192.168.12.202/27]---fa0/0 R2 s0/0
    <wan>
    s0/0 R3 fa0/0---[192.168.13.203/28]

    192.168.12.192 0.0.0.31 = 192.168.12.192 - 223
    192.168.13.192 0.0.0.15 = 192.168.13.192 - 207

    When a packet exits R2's S0/0 interface and the source and destination match the ACL, it will be permitted, and all other traffic will be denied.

    EDIT: Look at it from the point of view of a router looking into the IP header as the packet exits the s0/0 interface, and it might make more sense.
    Studying for CCIE and drinking Home Brew
  • phoeneous Member Posts: 2,333
    I just realized I wrote 129-158, meant to say 193-222 for R2's LAN subnet. I'm excluding the broadcast addresses.
  • kryolla Member Posts: 785
    phoeneous wrote: »
    I just realized I wrote 129-158, meant to say 193-222 for R2's LAN subnet. I'm excluding the broadcast addresses.

    You are correct.

    The router doesn't care where the source came from or where the destination is at; all it cares about is what's in the IP header and if it matches an entry in the ACL.
    Studying for CCIE and drinking Home Brew
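
Added example (not part of the original thread): a Python sketch of the wildcard-mask matching described in the replies, evaluated on the IP header fields only and ending in the implicit deny. The function names and the sample packets in `SAMPLES` are constructed for illustration, and the parser handles only the `permit|deny ip` form of the entry shown in the thread.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Cisco-style match: bits set to 1 in the wildcard are ignored."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def wildcard_range(base, wildcard):
    """First and last address matched by a contiguous wildcard mask."""
    b, w = _to_int(base), _to_int(wildcard)
    if w & (w + 1):
        raise ValueError("non-contiguous wildcard does not describe one range")
    first = ipaddress.IPv4Address(b & ~w & 0xFFFFFFFF)
    last = ipaddress.IPv4Address(b | w)
    return str(first), str(last)

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC SWILD DST DWILD' only."""
    _, _, action, proto, src, swild, dst, dwild = line.split()
    if proto != "ip" or action not in ("permit", "deny"):
        raise ValueError("unsupported entry: " + line)
    return action, (src, swild), (dst, dwild)

def evaluate(acl_lines, src_ip, dst_ip):
    """First matching entry wins; no match falls to the implicit deny."""
    for line in acl_lines:
        action, src, dst = parse_ace(line)
        if wildcard_match(src_ip, *src) and wildcard_match(dst_ip, *dst):
            return action
    return "deny"

ACL_104 = [
    "access-list 104 permit ip 192.168.12.192 0.0.0.31 192.168.13.192 0.0.0.15",
]

# Constructed sample packets: (source, destination) as seen leaving R2 s0/0.
SAMPLES = [
    ("192.168.12.202", "192.168.13.203"),  # the two hosts in the diagram
    ("192.168.12.223", "192.168.13.207"),  # broadcast addresses still match
    ("192.168.12.10", "192.168.13.203"),   # source outside the /27 block
    ("192.168.12.202", "192.168.13.210"),  # destination outside the /28 block
]

if __name__ == "__main__":
    print(wildcard_range("192.168.12.192", "0.0.0.31"))
    print(wildcard_range("192.168.13.192", "0.0.0.15"))
    for src, dst in SAMPLES:
        print(src, "->", dst, evaluate(ACL_104, src, dst))
```

The wildcard compares bits only, so the network and broadcast addresses of each block (.192/.223 and .192/.207) match the entry just like usable host addresses do.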