Cisco Support Community
Access group in/out

Hi,

I need some clarification on applying ACLs to interfaces.

After creating an ACL with a sample number 101, if you are applying the same in 2 interfaces (Ser1, eth0), how will the traffic be matched?

1. Will it be matched based on inbound (traffic from your trusted inside network) / outbound (traffic from untrusted outside network),

or

2. Based on in/out traffic on your interface (e.g. whatever traffic is generated from a PC (local LAN), and also replies coming from the outside network for the requests made by the PC, will be IN traffic to eth0/ser 1, and traffic going out of ser1/eth0 is treated as outgoing)?

Please clarify these 2 simple points, which are really haunting me..

prem

1 ACCEPTED SOLUTION

Re: Access group in/out

If you have an ACL applied inbound to an interface:

int s0
 ip access-group 101 in

The traffic that will be filtered will be traffic that is inbound to that interface. Inbound meaning coming into the interface from the WAN media.

If you have an ACL outbound on an interface:

int s0
 ip access-group 101 out

The traffic that will be filtered will be traffic that is outbound of the interface onto the WAN media.

This includes packets sourced by the router and packets from other interfaces that have been processed by the router and are queued on the outbound interface s0.

-HTH
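
Added example (not part of the original thread and not the answerer's code): a small Python model of the point in the answer above, that `in`/`out` is relative to the interface the ACL is bound to rather than to a trusted or untrusted side. The ACL entry, the addresses, and the function names are constructed for illustration, and only transit packets are modelled.

```python
from ipaddress import ip_address, ip_network

# Constructed ACL (first match wins, implicit deny at the end), equivalent to:
#   access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80
ACL_101 = [("permit", "tcp", ip_network("192.168.1.0/24"), ip_network("0.0.0.0/0"), 80)]

# Same as "ip access-group 101 in" on both interfaces from the question.
BOTH_IN = {("eth0", "in"): ACL_101, ("ser1", "in"): ACL_101}
# Same as a single "ip access-group 101 out" on the WAN interface.
WAN_OUT = {("ser1", "out"): ACL_101}

# Constructed packets: a LAN PC browsing an outside web server, and the reply.
REQUEST = {"proto": "tcp", "src": "192.168.1.10", "dst": "203.0.113.5", "dport": 80}
REPLY = {"proto": "tcp", "src": "203.0.113.5", "dst": "192.168.1.10", "dport": 40000}


def acl_permits(acl, pkt):
    """Evaluate entries top-down; no match means the implicit deny applies."""
    for action, proto, src, dst, dport in acl:
        if (pkt["proto"] == proto and ip_address(pkt["src"]) in src
                and ip_address(pkt["dst"]) in dst and pkt["dport"] == dport):
            return action == "permit"
    return False


def forward(pkt, ingress, egress, bindings):
    """Return (forwarded, checks) for a transit packet: in via ingress, out via egress."""
    checks = []
    for ifname, direction in ((ingress, "in"), (egress, "out")):
        acl = bindings.get((ifname, direction))
        if acl is None:
            continue  # no access-group bound for this interface and direction
        permitted = acl_permits(acl, pkt)
        checks.append((ifname, direction, permitted))
        if not permitted:
            return False, checks
    return True, checks


if __name__ == "__main__":
    for name, bindings in (("101 in on eth0+ser1", BOTH_IN), ("101 out on ser1", WAN_OUT)):
        print(name, "request:", forward(REQUEST, "eth0", "ser1", bindings))
        print(name, "reply:  ", forward(REPLY, "ser1", "eth0", bindings))
```

With ACL 101 bound `in` on both interfaces, the request passes the check at eth0 but the reply is dropped at ser1, because its source and destination are swapped relative to the permit entry.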

Re: Access group in/out

Jamey, thanks for the info.

prem
