02-18-2017 08:02 AM - edited 03-08-2019 09:24 AM
Hi,
R1----1gigR2gig3----R3
R2 denies outbound HTTP traffic on its interface gig3. If the traffic is received on gig1 and the CEF table puts it on gig3, will the HTTP traffic be denied on gig1 or gig3?
02-18-2017 11:54 AM
Hello,
Not sure I understand what you are asking...
If you apply the access list to Gig3, that is where it will be denied.
02-18-2017 12:29 PM
Hi
Please correct me if I'm wrong.
You have a destination IP that is known through R3 on R2, and an ACL is configured under the Gig3 interface in order to block HTTP traffic to that destination. The ACL will be independent of CEF or the routing table. In a few words, you will have the destination entry in your routing table and CEF no matter whether you are blocking the HTTP traffic under Gig3 to that destination.
Another thing is if you are using an ACL + filter method on some routing protocol, but I think that is not the case.
:-)
02-18-2017 12:50 PM
Hi,
Outbound—If the access list is outbound, after the software receives and routes a packet to the outbound interface, the software checks the criteria statements of the access list for a match. If the packet is permitted, the software transmits the packet. If the packet is denied, the software discards the packet.
Inbound—If the access list is inbound, when the router receives a packet, the Cisco IOS software checks the criteria statements of the access list for a match. If the packet is permitted, the software continues to process the packet. If the packet is denied, the software discards the packet.
HTH
Regards,
VS.Suresh.
02-19-2017 06:57 AM
Hi,
R1----1gigR2gig3----R3
R2 denies outbound HTTP traffic on its interface gig3. If the traffic is received on gig1 and the CEF table puts it on gig3, will the HTTP traffic be denied on gig1 or gig3?
Hi,
As explained by others, just giving a gist of the definition with a flow for your reference.
As per the Cisco documentation, below is the definition for ACL direction.
Mainly what happens is: with an inbound ACL, the software checks first, and based on the decision packets get permitted or discarded.
With an outbound ACL, the software receives and routes the packet to the outgoing interface, then the software checks the criteria, and based on the decision packets get permitted or discarded.
Just a flow for your reference:
Inbound means the traffic coming towards the port from outside.
Outbound means the traffic going outside; it must have entered through some other port.
Internet<---[ (Gi1) Router (Gi2) ]<----Host
If an ACL is placed at Gi2:
Inbound: Traffic coming from Host will be filtered.
Outbound: Traffic from Internet going towards Host will be filtered.
Hope it helps.
-GI
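The processing order described in this thread, as an added example that is not part of any post above: a small Python model of R2 that checks an inbound ACL before the route lookup and an outbound ACL after it, and reports the stage at which a transit packet is dropped. The prefixes, ACL entries and function names are constructed for illustration and are not taken from the poster's configuration.

```python
import ipaddress

# Constructed model of R2 from the thread: two interfaces, one route towards R3,
# and an ACL denying TCP/80 applied outbound on gig3. Addresses are made up.
ROUTES = {"10.3.0.0/16": "gig3", "10.1.0.0/16": "gig1"}
DENY_HTTP = [("deny", "tcp", 80), ("permit", "ip", None)]
ACLS = {("gig3", "out"): DENY_HTTP}   # nothing is applied on gig1


def acl_permits(acl, proto, dport):
    """First match wins; an ACL with no matching entry ends in an implicit deny."""
    for action, a_proto, a_port in acl:
        if a_proto in ("ip", proto) and a_port in (None, dport):
            return action == "permit"
    return False


def lookup(dst):
    """Longest-prefix match, standing in for the CEF/FIB lookup."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in ROUTES]
    hits = [n for n in nets if addr in n]
    if not hits:
        return None
    return ROUTES[str(max(hits, key=lambda n: n.prefixlen))]


def forward(in_if, dst, proto, dport, acls=ACLS):
    """Return (verdict, stage) for a transit packet arriving on in_if."""
    inbound = acls.get((in_if, "in"))
    if inbound is not None and not acl_permits(inbound, proto, dport):
        return ("drop", f"{in_if} in")          # dropped before any route lookup
    out_if = lookup(dst)
    if out_if is None:
        return ("drop", "no route")
    outbound = acls.get((out_if, "out"))
    if outbound is not None and not acl_permits(outbound, proto, dport):
        return ("drop", f"{out_if} out")        # dropped after routing, at egress
    return ("forward", out_if)


if __name__ == "__main__":
    print(forward("gig1", "10.3.0.10", "tcp", 80))    # HTTP towards R3
    print(forward("gig1", "10.3.0.10", "tcp", 443))   # HTTPS towards R3
```

Passing `acls={("gig1", "in"): DENY_HTTP}` to `forward` moves the same filter to the ingress side, and the drop stage changes accordingly.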