To the best of my knowledge, it means what you state: one in each direction. Having said this, I must add that it makes little sense to permit certain IPs / MAC addresses in only one direction.
Best practice is to use either an incoming or an outgoing access list.
Using an IP ACL on a layer 2 interface (switchport) does not do anything because the interface does not look at the IP information. This kind of ACL should be used on a VLAN interface or an interface that is not in switchport mode (int xx, no switchport).
Maybe I was working under a misapprehension, but I thought that port ACLs could still filter on IP, even if the port itself was not processing layer-3. After all, it is just a mask line in the ASIC.
As for both in and out ... at the end of this trunk there is a switch in VTP transparent that has a VLAN that is supposed to be isolated. The only way into this VLAN is through an application gateway on a 2-NIC-PC that is also on that switch. But I suspect that the PC is leaking packets between the supposedly-isolated VLAN and the production VLAN. That is why I am trying to block any traffic to and from addresses that should be on that isolated subnet.
I am fairly sure it is not a native VLAN issue. I keep all my trunks on a dummy native VLAN that is not used anywhere else, so effectively all frames are tagged. Furthermore, only one VLAN is allowed on the uplink to this switch, and that is the one on the production side of the application-gateway-PC.
I am fairly sure it is an issue within the application-gateway-PC itself, and my money would be on that horrible bridge that XP creates by default whenever a PC has more than one NIC. I have already sent the PC support guys to look at it, but I'm not sure they understood the concept. I might have to go and look myself :-(
This is actually a pretty cool feature; I didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk) only if a certain condition existed. This is exactly what conditional advertisement does.
I have a question: I bought a Cisco 887VA-k9 router and configured it with the configuration below.
If I connect it to my laptop directly on one of its ports, it works and everything is fine (the internet connection + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.