how to know ip access-group out and in

Unanswered Question
May 7th, 2009
User Badges:

Dear All expert,


I really not sure about ip access-group in and out on interface in Cisco router and Switch....When we use in and when we use out?

Coudl you explain me when we can use this?


Best Regards,

Rechar_david

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Danilo Dy Fri, 05/08/2009 - 03:19
User Badges:
  • Blue, 1500 points or more

That depends where is the traffic that you are going to filter coming from and which interface of your router/switch you plan to put the filter. What outgoing from one network/device is incoming to another network/device


For example if you are going to filter traffic coming from internet to your network;

- in your router interface facing internet (WAN interface), you should use "access-group in". This is the recommended way of doing it.

- in your router interface facing local area network (LAN interface), you should use "access-group out".


Another example if you are going to filter traffic coming from internet to your network and from your network to internet;

- in your router interface facing internet (WAN interface), you should use "access-group in" to filter incoming traffic from internet to your network.

- in your router interface facing internet (WAN interface), you should use "access-group out" to filter outgoing traffic from your network to internet.


Inbound ----- The packet will not pass through the routing policy. The packets will not be able to communicate with the router through the interface in question.


Outbound ---- The packet would have been processed by the routing policy. The packets can communicate with other interfaces of the router if there is need for that.



Actions

This Discussion