ACL question
froufrou123
Member Posts: 29 ■□□□□□□□□□
in CCNA & CCENT
Hey guys,
I'm reading Wendell Odom's ICND2 and was going over this example at page 242, figure 6-3.
He answers the example completely in Example 6-5 at pg 243. He suggested an outbound ACL on Yosemite's s0 and s1 to prevent Sam from reaching Bugs or Daffy.
Now, my question is: Wouldn't it be more efficient to implement an outbound ACL on Albuquerque's E0 interface? This way if the link between Yose. and Sev. goes down, Sam would still be able to reach Sev.
Also, I think I remember the author saying that when it comes to standard ACLs, always apply ACLs on the nearest interface to the destination, which in this case should be Albuquerque's E0 interface anyway.
I hope someone could clarify.
Thanks
Comments
-
froufrou123
Member Posts: 29 ■□□□□□□□□□
Another thought: wouldn't this same outbound ACL prevent Sam from accessing anything that differs from his own subnet, since a standard ACL only looks at the source IP address?
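The source-only matching raised in this comment, as an added example that is not part of the thread or the book: a small model of a standard ACL applied outbound on one interface. All addresses are constructed, the `SERVER` host is hypothetical, and Bugs and Daffy are assumed to sit on the LAN behind Albuquerque's E0, as the question implies.

```python
import ipaddress

# Constructed addressing; the thread gives no IP addresses.
SAM = "10.1.2.1"      # host whose traffic should be filtered
OTHER = "10.1.3.1"    # hypothetical host on a different subnet
BUGS = "10.1.1.1"     # assumed to be on the LAN behind Albuquerque E0
DAFFY = "10.1.1.2"
SERVER = "10.1.1.50"  # hypothetical third host on that same LAN

# A standard ACL entry is (action, source network); there is no destination field.
DENY_SAM = [("deny", "10.1.2.1/32"), ("permit", "0.0.0.0/0")]
# The same ACL without the trailing permit: the implicit deny catches everyone.
DENY_ONLY = [("deny", "10.1.2.1/32")]


def standard_acl(acl, src):
    """Return the action of the first entry matching the source address."""
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in ipaddress.ip_network(net):
            return action
    return "deny"  # implicit deny at the end of every ACL


def forwarded(src, dst, egress_if, acl_out):
    """True if the packet leaves egress_if. dst is never consulted."""
    acl = acl_out.get(egress_if)
    return acl is None or standard_acl(acl, src) == "permit"


def reach_matrix(acl_out, egress_if="E0"):
    """Reachability of every LAN host from Sam and from another host."""
    return {(s, d): forwarded(s, d, egress_if, acl_out)
            for s in (SAM, OTHER) for d in (BUGS, DAFFY, SERVER)}


if __name__ == "__main__":
    for name, acl in (("deny Sam, permit any", DENY_SAM),
                      ("deny Sam only", DENY_ONLY)):
        print(name)
        for (s, d), ok in reach_matrix({"E0": acl}).items():
            print(f"  {s} -> {d}: {'forwarded' if ok else 'dropped'}")
```

With the ACL outbound on E0, Sam's packets to every host on that LAN are dropped, not just those to Bugs and Daffy; other sources are affected only when the trailing `permit` is missing.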
-
gregorio323
Member Posts: 201 ■■■□□□□□□□
I see what you I've opened my book and took a look at it. It's correct. I think you got confused: you said he put s0 and s1 ACLs on Yosemite; actually he set it up on Yosemite s0 to prevent Sam from reaching Bugs and Daffy, and on S1 out on Seville to prevent any host on Seville from reaching Yosemite. And putting it on the E0 interface, you'll be denying too much; you might as well unplug them off the cable if you do that. They won't be able to access anything on the network.
-
chmorin
Member Posts: 1,446 ■■■■■□□□□□
I'm not sure where, but this exact question was asked somewhere in these forums and I know it got a few replies. Funny that more people notice it, though.