ACL on a port

Unanswered Question
Jul 17th, 2008
User Badges:

I have a WAN port with 3 IP address.

Couple of questions:

Is it possible to apply the ACL only on a IP address instead of the port?

Is it possible to apply multiple ACL on a port or IP address?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
paolo bevilacqua Thu, 07/17/2008 - 01:06
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

1. No, but the ACL can be written so that effects the IP address as needed.

2 - same as 1.

Please rate post if it helps!

Kevin Dorrell Thu, 07/17/2008 - 01:48
User Badges:
  • Green, 3000 points or more

If you want to control traffic addressed to one of those three addresses, yes, you can do that as Paolo says, by crafting the access list according to the destination address.

If you want to control through traffic according to which IP address the remote router is routing to, then you cannot do it. The reason is that when the romote router passes you a packet, it could think it is routing through any one of those three addresses ... or even simply to the line itself. The point is that the packet carries only its original source address and its final destination address; it does not carry any information about what intermediate address the remote router thought it was routing through.

Kevin Dorrell



This Discussion