ICND2 - ACL Inside & Outside interfaces?

Morning,
I'm currently studying this topic (I know it's not on the 200-101) but I'm curious to know if anyone gets confused working out what the IN or OUT interfaces would be? I get the idea but was thinking if the network is huge then this would definitely become confusing for me.
Do you follow a method to work this out?
Thanks
Comments
-
steveyeung Member Posts: 44 ■■□□□□□□□□
Imagine yourself as a router: the inside interface is where the packet gets inside you,
and the outside interface is where the packet gets out of you. -
DoubleNNs Member Posts: 2,015 ■■■■■□□□□□
Wait.. ACLs were on the old ICND2 but taken out of the new ICND2?
Goals for 2018:
Certs: RHCSA, LFCS: Ubuntu, CNCF CKA, CNCF CKAD | AWS Certified DevOps Engineer, AWS Solutions Architect Pro, AWS Certified Security Specialist, GCP Professional Cloud Architect
Learn: Terraform, Kubernetes, Prometheus & Golang | Improve: Docker, Python Programming
To-do | In Progress | Completed -
ph1x10n Member Posts: 17 ■□□□□□□□□□
Yeah, they're now in ICND1.
http://www.ccnaskills.com/announce2013-2/
Good breakdown of the changes between the old and new versions of ICND1/2 there. -
DoubleNNs Member Posts: 2,015 ■■■■■□□□□□
So essentially, by doing the old ICND1 and the new ICND2, I'll effectively skip over ACLs completely?
Interesting.. -
steveyeung Member Posts: 44 ■■□□□□□□□□
DoubleNNs wrote: »So essentially, by doing the old ICND1 and the new ICND2, I'll effectively skip over ACLs completely?
Interesting..
Yes, it's weird. ACL is a major topic in networking; how can Cisco issue a CCNA cert without testing one's ACL knowledge? -
networker050184 Mod Posts: 11,962 Mod
You'll probably skip over being tested on them, but I wouldn't skip learning them thoroughly. ACLs are a big part of a lot of things you will do in IOS. The new ICND2 seems to be more centered around implementing and troubleshooting advanced routing/switching topics and ICND1 is more around the basics and broad operating concepts of routing/switching.
steveyeung wrote: »Yes, it's weird. ACL is a major topic in networking; how can Cisco issue a CCNA cert without testing one's ACL knowledge?
Just one of the quirks of testing during the transition.
An expert is a man who has made all the mistakes which can be made. -
DoubleNNs Member Posts: 2,015 ■■■■■□□□□□
I'm contemplating on testing for the new ICND1 before going for the new ICND2, just to fill in any gaps of knowledge that would occur otherwise.
However, I haven't decided if I want to spend the extra time/money going that route just yet.. -
networker050184 Mod Posts: 11,962 Mod
I'd certainly recommend getting up to speed on any knowledge gaps, but I wouldn't waste the money taking the ICND1 exam again. -
PCSPreston Users Awaiting Email Confirmation Posts: 127
I recently took the old ICND1 and am working towards ICND2. ACLs are not bad once you get the commands and then name the interfaces. For example, OUTSIDE and INSIDE is what I use. -
theodoxa Member Posts: 1,340 ■■■■□□□□□□
"in" means that the ACL is evaluated when the packet enters the router [and before any routing decisions are made by that router]. "out" means the ACL is evaluated after the routing decisions have been made, but before the packet leaves the router.
From my notes (I believe I learned this from Lammle's 640-802 book)
- Inbound ACLs are evaluated before the packet is routed
- Outbound ACLs are evaluated after the packet is routed to the outgoing interface, but before it is placed in the queue
R&S: CCENT → CCNA → CCNP → CCIE [ ]
Security: CCNA [ ]
Virtualization: VCA-DCV [ ] -
jvrlopez Member Posts: 913 ■■■■□□□□□□
IN/OUT is in relation to the direction the packet travels through the interface the ACL is applied to.
In to the interface, out of the interface.
Do not confuse or mistake this for the direction a packet travels from a host, as this will hinder your ability to comprehend applying ACLs. I made this mistake my first go around and spent a night wondering why all my statements and examples were backwards, lol!
And so you touch this limit, something happens and you suddenly can go a little bit further. With your mind power, your determination, your instinct, and the experience as well, you can fly very high. ~Ayrton Senna
-
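The evaluation order described in the two posts above (inbound ACL before routing, outbound ACL after routing, direction relative to the interface rather than the host), modelled as an added example that is not part of any poster's reply. The interface names, subnets and the `BLOCK_HOST` ACL are constructed assumptions, and only transit traffic is modelled.

```python
import ipaddress

# Constructed topology (assumption): one router, two hypothetical interfaces.
ROUTES = {
    "Gi0/0": ipaddress.ip_network("192.168.1.0/24"),  # user LAN
    "Gi0/1": ipaddress.ip_network("10.0.0.0/24"),     # server LAN
}

# Constructed ACL: (action, source network, destination network), top-down.
BLOCK_HOST = [
    ("deny", "192.168.1.50/32", "0.0.0.0/0"),
    ("permit", "0.0.0.0/0", "0.0.0.0/0"),
]

def acl_permits(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, src_net, dst_net in acl:
        if src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net):
            return action == "permit"
    return False

def forward(ingress, src, dst, acls):
    """Walk one transit packet; acls maps (interface, "in"|"out") to an ACL."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # 1. Inbound ACL on the interface the packet enters, before routing.
    acl = acls.get((ingress, "in"))
    if acl is not None and not acl_permits(acl, src, dst):
        return f"dropped by {ingress} in"
    # 2. Routing decision picks the egress interface.
    egress = next((i for i, net in ROUTES.items() if dst in net), None)
    if egress is None:
        return "no route"
    # 3. Outbound ACL on the egress interface, after routing.
    acl = acls.get((egress, "out"))
    if acl is not None and not acl_permits(acl, src, dst):
        return f"dropped by {egress} out"
    return f"forwarded out {egress}"

def demo():
    pkt = ("Gi0/0", "192.168.1.50", "10.0.0.5")  # host on user LAN -> server
    return {
        "Gi0/0 in": forward(*pkt, {("Gi0/0", "in"): BLOCK_HOST}),
        "Gi0/0 out": forward(*pkt, {("Gi0/0", "out"): BLOCK_HOST}),
        "Gi0/1 out": forward(*pkt, {("Gi0/1", "out"): BLOCK_HOST}),
    }

if __name__ == "__main__":
    for where, result in demo().items():
        print(f"ACL applied {where}: {result}")
```

The same ACL applied "out" on the host's own LAN interface never sees the host's traffic, because that traffic enters the router there rather than leaving through it.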
Beany Member Posts: 177
I passed the old CCENT and now I am studying for the new ICND2. My first objective is to go through any topics that have been missed by doing the old/new exams.
What I'm getting confused with is, just say when you're looking at a diagram with a single router which has a left and a right interface, how would someone work out which one is going inside the network and the other out? Would this be dependent on what's connected to each interface? -
steveyeung Member Posts: 44 ■■□□□□□□□□
Beany wrote: »I passed the old CCENT and now I am studying for the new ICND2. My first objective is to go through any topics that have been missed by doing the old/new exams.
What I'm getting confused with is, just say when you're looking at a diagram with a single router which has a left and a right interface, how would someone work out which one is going inside the network and the other out? Would this be dependent on what's connected to each interface?
It can be both; it depends on the traffic flow.
If you configure an ACL on an interface as OUT, that means your ACL monitors traffic flowing outside of that interface, but not flowing inside. -
RouteMyPacket Member Posts: 1,104
steveyeung wrote: »Yes, it's weird. ACL is a major topic in networking; how can Cisco issue a CCNA cert without testing one's ACL knowledge?
As good as Cisco's certification process is, again and I cannot stress this enough. Certifications are supplemental to your hands-on experience.
If you were working every day in a networking role, you would most definitely without a doubt be dealing with ACLs so it's no biggie. Even if you didn't work in a network role, if you were doing the appropriate labbing, you would run into them
Modularity and Design Simplicity:
Think of the 2:00 a.m. test—if you were awakened in the middle of the night because of a network problem and had to figure out the traffic flows in your network while you were half asleep, could you do it?