ICND2 - Access Lists - outgoing on interface?

Node Man Member Posts: 668
Hi Everybody,
Just curious, can anyone provide a real world situation where someone would want to use an outgoing access list on their interface?

Just curious.

Thanks!

Comments

  • networker050184 Mod Posts: 11,962
    Say for instance you have servers on your internal network and you want to limit the traffic that reaches them. An outgoing ACL would work perfectly in that situation.
    An expert is a man who has made all the mistakes which can be made.
  • theodoxa Member Posts: 1,340
    You want to limit traffic to the internet (block certain ports or only allow certain ports). If you only have one route out to the internet (this is the most common configuration), just place the ACL on that interface outgoing. I had this exact situation on a Packet Tracer lab I found on the internet, but despite that being the obvious solution for what it was asking for (block specific traffic going to the internet), the lab insisted on using a single ACL placed on the router nearest the users. How does one block traffic to the internet without inadvertently blocking traffic to intranet servers or adding a lot of extra lines to the ACL [to permit traffic to the intranet servers] in that situation?
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
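
The two placements compared in the last reply, shown as Cisco IOS configuration. This is an added example, not part of the original thread; the interface names, the 10.1.20.0/24 intranet server subnet and the blocked services (Telnet and FTP) are assumptions chosen for illustration.

```cisco
! --- Option A: outbound ACL on the single internet-facing interface ---
! Only packets that are actually routed toward the internet are checked,
! so no intranet exceptions are needed.
ip access-list extended INTERNET-OUT
 remark block selected services toward the internet (constructed example)
 deny   tcp any any eq telnet
 deny   tcp any any eq ftp
 permit ip any any
!
interface GigabitEthernet0/1
 description Link to ISP (assumed name)
 ip access-group INTERNET-OUT out
!
! --- Option B: inbound ACL on the user-facing interface ---
! Every packet from the users is checked, including intranet traffic,
! so the intranet servers must be permitted before the deny lines
! (ACLs are evaluated top-down, first match wins).
ip access-list extended USERS-IN
 remark permit intranet servers first (assumed subnet 10.1.20.0/24)
 permit ip any 10.1.20.0 0.0.0.255
 remark then block the same services for all other destinations
 deny   tcp any any eq telnet
 deny   tcp any any eq ftp
 permit ip any any
!
interface GigabitEthernet0/0
 description User LAN (assumed name)
 ip access-group USERS-IN in
```

An outbound ACL on an IOS router does not filter traffic the router itself originates, and with Option A the packet is routed across the network before it is dropped.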