07-06-2007 08:59 AM - edited 03-03-2019 05:45 PM
Hi guys, I'm a bit confused about how access-lists work. I don't exactly understand when to use the ip access-group command and when not. Because what I learned a few days ago from someone on this forum is that it seems you can have an access-list activated without having the ip access-group command bound to an interface.
I'll explain briefly what my issue was, if I may. I had configured a Cisco 2611 for Internet access but could not ping the default gateway. My fault was that I had used the ip access-group out on my LAN interface, and when I removed it, it solved my problem.
I'm sorry my story seems a bit long, but I just wanted to give a good idea of the picture. So any help is welcome in explaining or directing me to some good books... or something like access-lists for dummies.
Thanks in advance
bye flash
07-06-2007 09:22 AM
Hi Flash
The "ip access-group" command applies the access-list to the relevant interface. You can create as many access-lists as you like but if you don't apply them on an interface they won't take effect.
The other important thing to remember is that access-lists are not just used for allowing and restricting traffic into and out of interfaces.
They can be used for NAT, PBR (Policy Based Routing), restricting SNMP/telnet access to the router etc. and in most of these instances you would not need to use the "ip access-group" command.
Hope this makes sense
Jon
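The distinction described in the reply above, as an added configuration sketch that is not part of the original post: one ACL is bound to an interface with "ip access-group", while the others are referenced by NAT, PBR, VTY and SNMP without it. Interface names, addresses, ACL numbers, the route-map name and the community string are all assumptions made up for illustration.

```cisco
! Constructed example: interface names, addresses, ACL numbers, the
! route-map name and the SNMP community are assumptions, not from the thread.

! Defining an ACL does nothing by itself; something must reference it.
! Every ACL ends with an implicit "deny any".
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 20 permit host 192.168.1.10
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq www
access-list 110 permit ip 192.168.1.0 0.0.0.255 any

! 1) Packet filtering: the one use that needs "ip access-group".
!    ACL 110 filters traffic arriving on the LAN interface.
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip access-group 110 in
 ip policy route-map WEB-VIA-PROXY
!
interface Ethernet0/1
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
! 2) NAT: ACL 10 only selects which inside sources get translated.
ip nat inside source list 10 interface Ethernet0/1 overload
!
! 3) PBR: ACL 101 only selects which packets the route-map acts on.
route-map WEB-VIA-PROXY permit 10
 match ip address 101
 set ip next-hop 192.168.1.254
!
! 4) Management access: ACL 20 restricts who may reach the router itself.
line vty 0 4
 access-class 20 in
!
snmp-server community EXAMPLE-RO RO 20
```

"show ip access-lists" lists every defined ACL with its match counters, and "show ip interface Ethernet0/0" shows which ACL, if any, is bound inbound or outbound on that interface.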
07-06-2007 12:27 PM
It's a bit clearer, but I guess to fully understand it I must play with them, but thanks for clearing it up a bit... I've rated this post.
bye flash
07-06-2007 01:04 PM
Hi Flash
It always becomes a lot clearer when you configure it and don't hesitate to come back with any more questions.
Jon