The result will be the same, but the main difference is that in the first case (inbound) the packet is dropped without further processing, while outbound filtering takes place after the packet has gone through the whole routing process. It depends on what you want to achieve.
There is another aspect of this to consider. The extended access list specifies a source address and mask and a destination address and mask. If you change the access list from inbound to outbound it reverses which address is the source and which address is the destination.
You have a network on the LAN interface with 192.168.110.0/24 and want to restrict the 192.168.100.1 address from reaching 192.168.110.1.
access-list 101 deny ip host 192.168.100.1 host 192.168.110.1
access-list 101 permit ip any any
If you apply this rule in the outbound direction on the Ethernet interface, you achieve that.
You can achieve the same by applying this rule inbound on the interface facing the WAN (like serial0). The result is almost the same, except that in the second case the packet will not be allowed to enter the router, so you can save some resources.
I like the idea of Krisztian to create a small example to explain the issue. I would suggest a slightly different way to explain it. Using his example, 192.168.110.1 is the inside address and 192.168.100.1 is outside. Then we need to consider which interface and which direction the access list will be applied. His example assumes an Ethernet and a serial. So let's start with the Ethernet interface. If we apply the access list inbound, then the traffic is from inside toward outside, the inside address is the source and the outside address is the destination, and the access list would be deny host 192.168.110.1 host 192.168.100.1. On the same interface, if we apply the access list as outbound, then the traffic is from outside to inside, the outside address is the source and the inside address is the destination, and the access list would be deny host 192.168.100.1 host 192.168.110.1.
So the essential point is that the decision of which is source and which is destination depends on whether we are looking at traffic inbound or outbound.
I hope that this explanation helps you to understand this concept.
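Added example, not part of either reply: a small Python model of the router discussed above (serial0 toward the WAN, ethernet0 on 192.168.110.0/24) that evaluates access list 101 at each placement and records whether the route lookup ran before the drop. The function names and the host-only matching (no wildcard masks) are assumptions made for this illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed topology from the thread: WAN on serial0, LAN on ethernet0.
LAN = ip_network("192.168.110.0/24")
OUTSIDE, INSIDE = "192.168.100.1", "192.168.110.1"

# access-list 101 as posted, plus the reversed form used for inbound on Ethernet.
ACL_101 = [("deny", OUTSIDE, INSIDE), ("permit", "any", "any")]
ACL_101_REVERSED = [("deny", INSIDE, OUTSIDE), ("permit", "any", "any")]

def egress_for(dst):
    """Toy route lookup: LAN destinations leave via ethernet0, the rest via serial0."""
    return "ethernet0" if ip_address(dst) in LAN else "serial0"

def acl_permits(acl, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, s, d in acl:
        if s in ("any", src) and d in ("any", dst):
            return action == "permit"
    return False

def forward(src, dst, ingress, bindings):
    """bindings maps (interface, direction) -> ACL. Returns (verdict, routed)."""
    acl = bindings.get((ingress, "in"))
    if acl is not None and not acl_permits(acl, src, dst):
        return ("dropped inbound on " + ingress, False)
    egress = egress_for(dst)  # routing only happens after the inbound check
    acl = bindings.get((egress, "out"))
    if acl is not None and not acl_permits(acl, src, dst):
        return ("dropped outbound on " + egress, True)
    return ("forwarded via " + egress, True)

def demo():
    return {
        # Outside -> inside, ACL 101 outbound on Ethernet: dropped after routing.
        "eth_out": forward(OUTSIDE, INSIDE, "serial0", {("ethernet0", "out"): ACL_101}),
        # Same packet, ACL 101 inbound on serial: dropped before routing.
        "ser_in": forward(OUTSIDE, INSIDE, "serial0", {("serial0", "in"): ACL_101}),
        # Inbound on Ethernet the source is the inside host, so ACL 101 never matches.
        "eth_in_same_acl": forward(INSIDE, OUTSIDE, "ethernet0", {("ethernet0", "in"): ACL_101}),
        # With source and destination reversed, the inbound Ethernet ACL matches.
        "eth_in_reversed": forward(INSIDE, OUTSIDE, "ethernet0", {("ethernet0", "in"): ACL_101_REVERSED}),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```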