Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
248
Views
0
Helpful
2
Replies

Access group in/out

Go to solution
spremkumar
Level 9
Level 9

‎10-06-2003 07:11 AM - edited ‎03-02-2019 10:48 AM

hi

I need some clarification in applying acls in interfaces.

after creating an ACL with a sample number 101 if u r applying the same in 2 interfaces (Ser1,eth0) how the traffic will be matched?

1.will it be matched based on inbound(traffic from u r trusted inside network)/outbound(traffic from untrusted outside network)

or

2.Based on In/Out traffic on ur interface(eg. like wht ever traffic generated from a pc(local lan)/also replies coming from outside network for the requests made by the pc will be IN traffic to eth0/ser 1 and traffic going out of ser1/eth0 treated as outgoing.

plz clarify these 2 simple points which is really haunting me..

prem

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jamey
Level 4
Level 4

‎10-06-2003 07:22 AM

If you have an ACL applied inbound to an interface:

int s0

ip access-group 101 in

the traffic that will be filtered will be traffic that is inbound to that interface. Inbound meaning coming into the interface from the WAN media.

If you have an ACL outbout on an interface:

int s0

ip access-group 101 out

The traffic that will be filtered will be traffic that is outbound of the interface onto the WAN media.

This includes packets sourced by the router and packets from other interfaces that have been processed by the router are are queued on the outbound interface s0

-HTH

View solution in original post

0 Helpful
2 Replies 2

Go to solution
jamey
Level 4
Level 4

‎10-06-2003 07:22 AM

If you have an ACL applied inbound to an interface:

int s0

ip access-group 101 in

the traffic that will be filtered will be traffic that is inbound to that interface. Inbound meaning coming into the interface from the WAN media.

If you have an ACL outbout on an interface:

int s0

ip access-group 101 out

The traffic that will be filtered will be traffic that is outbound of the interface onto the WAN media.

This includes packets sourced by the router and packets from other interfaces that have been processed by the router are are queued on the outbound interface s0

-HTH

0 Helpful

Go to solution
spremkumar
Level 9
Level 9
In response to jamey

‎10-06-2003 07:36 AM

jamey thks for the info

prem

0 Helpful
Customers Also Viewed These Support Documents