On extended access-list statements, what is considered the source address and what is considered the destination address? For instance, is the source coming from the WAN interface or the Ethernet interface?
source and destination are dependent upon direction.
For example: client=10.1.1.1 server=18.104.22.168
ip address 10.1.1.2 255.255.255.0
ip access-group 101 in
ip address 22.214.171.124 255.255.255.0
ip access-group 102 in
access-list 101 permit ip 10.1.1.0 0.0.0.255 126.96.36.199 0.0.0.255
access-list 102 permit ip 188.8.131.52 0.0.0.255 10.1.1.0 0.0.0.255
In this case, a packet entering interface E0 (from client to server) will be checked against access-list 101. If the source address of this packet matches 10.1.1.?? and the destination address of this packet matches 11.1.1.?? then permit the packet and deny all others.
A packet entering interface E1 (from server to client) will be checked against access-list 102. If the source address of this packet matches 11.1.1.?? and the destination address of this packet matches 10.1.1.?? then permit this packet and deny all others.
The source address is where the packet came from and the destination address is where the packet is going.
If you put an INBOUND access-list on a WAN interface, the destination address would be something on your side of the WAN... the source would be something on the other side of the WAN. If you put an OUTBOUND access-list on a WAN interface, the source and destination are reversed.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...