ACL on a port

Jul 17th, 2008

I have a WAN port with 3 IP addresses.

Couple of questions:

Is it possible to apply the ACL only on an IP address instead of the port?

Is it possible to apply multiple ACLs on a port or IP address?

Paolo Bevilacqua Thu, 07/17/2008 - 01:06

1. No, but the ACL can be written so that it affects the IP address as needed.

2 - same as 1.

Please rate post if it helps!

Kevin Dorrell Thu, 07/17/2008 - 01:48

If you want to control traffic addressed to one of those three addresses, yes, you can do that as Paolo says, by crafting the access list according to the destination address.

If you want to control through traffic according to which IP address the remote router is routing to, then you cannot do it. The reason is that when the remote router passes you a packet, it could think it is routing through any one of those three addresses ... or even simply to the line itself. The point is that the packet carries only its original source address and its final destination address; it does not carry any information about what intermediate address the remote router thought it was routing through.

Kevin Dorrell
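
Added example, not part of either reply above: one inbound ACL on the WAN port, with a block of entries per destination address, as the replies describe. It assumes Cisco IOS syntax and secondary addressing on the interface (the thread states neither); the interface name, the ACL name, the permitted services and all addresses (documentation ranges) are constructed for illustration.

```cisco
! Constructed example: hypothetical names, documentation-range addresses.
! A single ACL is bound inbound to the port; the per-address policy
! lives in the destination field of each entry.
interface Serial0/0
 ip address 192.0.2.1 255.255.255.248
 ip address 192.0.2.2 255.255.255.248 secondary
 ip address 192.0.2.3 255.255.255.248 secondary
 ip access-group WAN-IN in
!
ip access-list extended WAN-IN
 remark to 192.0.2.1: SSH from the management subnet only
 permit tcp 203.0.113.0 0.0.0.255 host 192.0.2.1 eq 22
 deny   ip any host 192.0.2.1
 remark to 192.0.2.2: HTTPS only
 permit tcp any host 192.0.2.2 eq 443
 deny   ip any host 192.0.2.2
 remark to 192.0.2.3: nothing allowed
 deny   ip any host 192.0.2.3
 remark through traffic: matched on final destination only, since the
 remark packet does not record which of the three addresses was the next hop
 permit ip any 198.51.100.0 0.0.0.255
 deny   ip any any
```

Entries are evaluated top to bottom and the first match wins, so each address's permits must sit above that address's deny.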


