ACL question

froufrou123

Hey guys,

I'm reading Wendell Odom's ICND2 and was going over this example at page 242, figure 6-3.

He answers the example completely in Example 6-5 at pg 243. He suggested outbound ACL on Yosemite's s0 and s1 to prevent sam from reaching Bugs or Duffy.

Now, my question is: Wouldn't it be more efficient to implement an outbound ACL on Albuquerque's E0 interface? This way if the link between Yose. and Sev. goes down, Sam would still be able to reach Sev.

Also, I think I remember the author saying that when it comes to standard ACL, always apply ACLs on the nearest interface to destination, which in this case should be Albuquerque's E0 interface anyway.

I hope someone could clarify

Thanks

froufrou123

Another thought: wouldn't this same outbound ACL prevent Sam from accessing anything that differs his own subnet, since standard ACL only looks at the source IP address?

gregorio323

I see what you I've opened my book at took a look at it. It's correct i think you got confused you said he put s0 and s1 ACL's on Yosemite actually he set it up on Yosemite s0 to prevent sam from reaching bugs and daffy. and on S1 out on seville to prevent any host on seville to reach yosemite. and putting it on the E0 interface you'll be denying too much you might as well unplug them off the cable if you do that. They wont be able to access anything on the network.

chmorin

I'm not sure where but this exact question was asked somewhere in these forums and I know it got a few replies. Funny that more people notice it, though.

Monkerz

http://www.techexams.net/forums/ccna-ccent/57234-standard-acls.html