New Member

Extended Access-list and Access-group

I am getting confused with access-list and applying the access-group on an interface.

Suppose my inside IP address is x.x.x.x with subnet 255.255.255.0 and my internal web server has IP address x.x.x.x1, which should be accessed only by our remote office, whose network is y.y.y.y. I create an access-list like

access-list 101 permit ip y.y.y.y 255.255.255.0 host x.x.x.x1 which permits only the y subnet. That is fine. Now this access-list is for the incoming requests to the router's serial interface.

Should the access-group command be access-group 101 in? Is this correct?

Likewise, I do not want my x.x.x.x network to access the z.z.z.z network, so I create the access-list

access-list 102 deny ip x.x.x.x 255.255.255.0 z.z.z.z 255.255.255.0. In this, the source is my network address and the destination is outside, and I create the access group on the serial interface like

access-group 102 out

Will this command work? Sometimes when I give an access-list and apply it to any interface, the communication with the router goes and I have to physically reboot the router to load the old configuration. This inbound and outbound with the router's serial and ethernet interfaces confuses me a lot. Is there any good link for this, or can someone explain this to me?

Thanks in Advance

2 REPLIES

Re: Extended Access-list and Access-group

Often times complex troubleshooting issues are best addressed in an interactive session with one of our trained technical assistance engineers. While other forum users may be able to help, it's often difficult to do so for this type of issue.

To utilize the resources at our Technical Assistance Center, please visit http://www.cisco.com/tac and to open a case with one of our TAC engineers, visit http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

Cisco Employee

Re: Extended Access-list and Access-group

With access-group in, you are controlling all the traffic that is coming into the router through that interface.

If you are applying access-group out, that is effective for traffic going out of that interface, i.e. you want to control only the traffic going out through that interface.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfip.htm#30857

- Hari Murthy
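
The direction rules from the reply above, written out as a full IOS configuration; this is an added example, not taken from the original posts or from Cisco's documentation. The addresses are documentation ranges standing in for x, y and z, Serial0 is an assumed interface name, and the trailing permit lines assume that all other traffic should keep flowing.

```cisco
! Constructed addressing (assumptions standing in for x, y and z):
!   inside LAN    192.0.2.0/24    web server 192.0.2.10
!   remote office 198.51.100.0/24
!   blocked net   203.0.113.0/24
! Serial0 is an assumed name for the WAN interface.
!
! Safety net when changing ACLs over a remote session: schedule a reload
! first. If the new ACL cuts off the session, the router reboots into the
! unchanged startup-config without anyone touching it.
reload in 10
configure terminal
!
! Extended ACLs take wildcard (inverse) masks, so a /24 is 0.0.0.255,
! not 255.255.255.0.
! ACL 101: only the remote office may reach the web server.
access-list 101 permit ip 198.51.100.0 0.0.0.255 host 192.0.2.10
access-list 101 deny   ip any host 192.0.2.10
! Every ACL ends with an implicit "deny ip any any". Without the next
! line, all other inbound traffic on Serial0 (including replies to
! inside hosts and a management session arriving over the WAN) is dropped.
access-list 101 permit ip any any
!
! ACL 102: inside hosts may not reach 203.0.113.0/24, everything else may.
access-list 102 deny   ip 192.0.2.0 0.0.0.255 203.0.113.0 0.0.0.255
access-list 102 permit ip any any
!
interface Serial0
 ! "in"  = packets arriving on Serial0 from the WAN, checked before routing
 ip access-group 101 in
 ! "out" = packets the router has routed and is about to send out Serial0
 ip access-group 102 out
end
!
! Check the match counters, then cancel the reload and save.
show access-lists
show ip interface Serial0
reload cancel
copy running-config startup-config
```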
