ACL Question
shadown7
Member Posts: 529
in CCNA & CCENT
Hi,
I'm trying to work on my CCNA 2 case study and I'm stuck. I've got 3 subnets and I need to keep subnet 1 to its one subnet. It can only leave its subnet to access the server on another subnet.
I know how to block the entire subnet with the wildcard mask of 0.0.0.255, but I'm not sure where to put the ACL.
This network is on E0. Do I block access inbound on E0 or outbound on S0 (which is the only way to the other subnets)?
I've been working on this a week and I just keep running into a wall.
Comments
shadown7 Member Posts: 529
I need to clear up something here. I know some people post on this forum when it is case study time looking for someone else to do the work for them. Well, I just want to clear up that I'm NOT one of them. I finished all of my case study except for the ACL part.
I'm wanting to know if someone who is good at ACLs could point me in the right direction. I've read all the threads and technotes on ACLs. I've also read the Cisco course material. For some reason this is not coming as easily as the rest of the stuff I've learned about Cisco.
Thanks,
Keith
Drakonblayde Member Posts: 542
Well, my first advice would be to try it and see what works.
But for an access list, you have to look at it from the point of view of the interface, as if you were in the router looking out. If you were the e0 interface, then any traffic coming from that subnet would be inbound. Any traffic destined for that subnet would be outbound.
= Marcus Drakonblayde
================
CCNP-O-Meter:
=[0%]==[25%]==[50%]==[75%]==[100%]
==[X]===[X]====[ ]=====[ ]====[ ]==
=CCNA==BSCI==BCMSN==BCRAN==CIT=
shadown7 Member Posts: 529
Thanks,
I was going to try it when I got back to school. We are on spring break right now and I was just trying to figure it out. I've read your posts on ACLs and WOW, you really know your stuff. I can't grasp it at all and I don't know why.
Thanks again.
Drakonblayde Member Posts: 542
ACLs are no big deal, especially if you've ever set up a Unix-based firewall. A lot of the concepts are the same. Just have to keep in mind which way the traffic is flowing to minimize bandwidth use and still meet your access criteria.
= Marcus Drakonblayde
rossonieri#1 Member Posts: 799
Understanding ACLs:

| input WAN | output WAN |   <--- suppose this is the s0 interface
you'll apply the ACL to s0: in/out

router - you are here, setting up the ACL

| input LAN | output LAN |   <--- suppose this is the e0 interface
you'll apply the ACL to e0: in/out

An ACL does not block any traffic that comes from the router itself -> where you are standing, in the middle.

The more I know, that is, the more and more I don't know.
barryn13087 Member Posts: 10
Think from inside the router: do you want packets coming into the router from that port, or going out that port? Or blocked, etc.
shadown7 Member Posts: 529
I completely got it now!! I can't believe it took me so long to figure this out. Now, I think ACLs are a piece of cake.
Thanks again to everyone that helped!
mistervince Member Posts: 81
It sounds as though you would want to use an extended ACL for this. Remember,
STANDARD ACLS - Put in closest to the destination IP.
EXTENDED ACLS - Put in closest to the source IP.
Are you in the Cisco Academy?
Why is SuSE better than Redhat?
It's alllll in the startup scripts. All in the startup scripts. >.<
(\__/)  This is Bunny. Copy and paste bunny into
(='.'=) your signature to help him gain world
(")_(") domination.
shadown7 Member Posts: 529
Ya, I needed an extended ACL for it. For some reason I was having a hard time understanding the whole ACL concept. But I've got it down and I'm having no trouble making an ACL work.
Yes, I'm finishing up CCNA II.
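A worked IOS configuration for the scenario in this thread (an extended ACL placed inbound on e0, closest to the source, as mistervince's rule says), added here as an example and not posted by anyone in the thread. All addresses are constructed: subnet 1 is 192.168.1.0/24 on Ethernet0 with the router at 192.168.1.1, the server is 192.168.2.10 on another subnet, and Serial0 is the only path off Ethernet0.

```cisco
! Constructed addresses for this example (not from the thread):
!   subnet 1 = 192.168.1.0/24 on Ethernet0 (router address 192.168.1.1)
!   server   = 192.168.2.10 on subnet 2, reached via Serial0
!   subnet 3 = 192.168.3.0/24, also reached via Serial0
!
! Extended ACL 101. Entries are checked top-down, first match wins, and
! there is an implicit "deny ip any any" at the end, so the permit for
! the server must come before the deny.
access-list 101 remark Subnet 1 may leave its subnet only to reach the server
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.10
access-list 101 remark Let hosts still reach their own default gateway
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 192.168.1.1
access-list 101 remark Drop (and log) anything else subnet 1 sends off-net
access-list 101 deny   ip 192.168.1.0 0.0.0.255 any log
!
! Extended ACLs go closest to the source. Seen from inside the router,
! packets from subnet 1 arrive INBOUND on Ethernet0, so apply it there.
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip access-group 101 in
!
! Why this placement works:
! - Host-to-host traffic inside subnet 1 never enters the router, so the
!   ACL does not touch it.
! - Replies from the server enter on Serial0 and leave Ethernet0 OUTBOUND;
!   an inbound ACL on Ethernet0 never sees them, so no return entries.
! - "ip access-group 101 out" on Serial0 would also block subnet 1 here,
!   since Serial0 is the only path off Ethernet0, but the router would do
!   the routing lookup first and then drop the packet; filtering inbound on
!   Ethernet0 drops it before any forwarding work.
! - An inbound ACL also filters packets addressed to the router itself,
!   which is why the gateway permit is included.
!
! Checks after applying:
!   show access-lists 101         -> per-entry match counters increase
!   show ip interface Ethernet0   -> "Inbound  access list is 101"
!   show logging                  -> %SEC-6-IPACCESSLOGP (TCP/UDP) and
!                                    %SEC-6-IPACCESSLOGDP (ICMP) lines
!                                    for hits on the deny entry
```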