Access Lists in out troubles
gouki2005
Member Posts: 197
in CCNA & CCENT
I still don't understand the in or out for the access list. Look at the picture:
http://www.tic.ac.uk/opnet/StudentWebsite/images/Lab2.h39.jpg
Now look at the 205.7.5.0 net. OK, now I am going to apply the ACL there, so for me the E1 is the outbound interface because my traffic is getting out of my network, and the inbound interface is E0.
Am I right???
Comments
-
ilcram19-2 Banned Posts: 436
Put it this way: in or out is only relative to the interface that the ACL is applied to. For example:
When it is coming in to the interface, the source is the host generating the traffic from the LAN of the router's interface IP to a destination outside that interface.
Example:
permit ip host 10.1.1.2 host 9.9.9.9
               source        destination
Local LAN >in> 10.1.1.1 (router)
When it is coming out, it is going from a remote subnet to the subnet of the router's interface.
Example:
permit ip host 9.9.9.9 host 10.1.1.2
               source       destination
Local LAN <out< 10.1.1.1
-
notgoing2fail Member Posts: 1,138
Don't think too hard, it's all perspective from how the ACL is created. The way you want the ACL to function is how you apply the direction....
-
alan2308 Member Posts: 1,854
Think in terms of the router interface, not the source or destination of the traffic. In your example, traffic originating from the 205.7.5.0 network comes into the router E1 interface. That traffic is inbound on E1; it is coming into the router there. But this applies only to that interface. That same traffic exits on interface E0, so that same traffic is outbound on E0. And it works the same way for traffic going the other way. Traffic with a destination on the 205.7.5.0 network is outbound on E1.
You can have one access list per interface per direction per protocol.
-
chmorin Member Posts: 1,446
Take the perspective of the interface you are applying.
"HEY YOU PACKET! Okay you can come in."
"HEY YOU PACKET! Nope, you're not on the list to come in."
"Oh, you want out? Okay, you can get out."
"Oh, you want out? Sorry, you're not on the list to go out."
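An added example, not part of any post in this thread: a small Python model of the point alan2308 makes above, showing which ACL slot (interface plus direction) a routed packet actually passes through. The /24 mask on 205.7.5.0, the 192.168.10.0/24 network behind E0, the sample entry and all function names are assumptions made for the illustration.

```python
from ipaddress import IPv4Address, ip_network

# Constructed topology: E1 faces 205.7.5.0 (the /24 mask is an assumption) and
# E0 faces 192.168.10.0/24, a made-up network standing in for the other side.
INTERFACES = {"E1": ip_network("205.7.5.0/24"),
              "E0": ip_network("192.168.10.0/24")}

def parse_term(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard) ints."""
    word = tok.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(IPv4Address(tok.pop(0))), 0
    return int(IPv4Address(word)), int(IPv4Address(tok.pop(0)))

def parse_acl(lines):
    """Parse 'permit|deny ip <source> <destination>' entries, keeping their order."""
    acl = []
    for line in lines:
        tok = line.split()
        action, _proto = tok.pop(0), tok.pop(0)  # this model only handles 'ip'
        acl.append((action, parse_term(tok), parse_term(tok)))
    return acl

def matches(term, ip):
    addr, wildcard = term  # wildcard bits set to 1 are "don't care"
    return ((int(ip) ^ addr) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(acl, src, dst):
    for action, s, d in acl:  # first matching entry wins
        if matches(s, src) and matches(d, dst):
            return action
    return "deny"  # implicit deny at the end of every ACL

def iface_for(ip):
    return next(name for name, net in INTERFACES.items() if ip in net)

def trace(bindings, src, dst):
    """List the (interface, direction, verdict) checks one routed packet meets."""
    src, dst = IPv4Address(src), IPv4Address(dst)
    checks = []
    for slot in ((iface_for(src), "in"), (iface_for(dst), "out")):
        if slot in bindings:  # an empty slot filters nothing
            checks.append(slot + (evaluate(bindings[slot], src, dst),))
            if checks[-1][2] == "deny":
                break  # dropped at this interface
    return checks

# Constructed sample entry: source is the 205.7.5.0 network, destination anything.
SAMPLE_ACL = parse_acl(["permit ip 205.7.5.0 0.0.0.255 any"])
```

Binding `SAMPLE_ACL` to `("E1", "in")` filters only traffic arriving from 205.7.5.0; binding the same entries to `("E1", "out")` makes them apply to traffic headed toward 205.7.5.0, where the source no longer matches and the implicit deny drops it.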