|
Home > Archive > CCNA > September 2000 > Access List Clarification
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Access List Clarification
|
|
|
| I need a clarification on a Boson test question.
The question:
Identify the access-list that denies only telnet traffic from 192.5.1.0 to 192.5.2.0 on Router A while permitting all other traffic.
Router A has two networks attached 192.5.1.0 on e0 and 192.5.2.0 on e1.
The answer which has been confirmed by Boson is:
access-list 100 deny tcp 192.5.1.0 0.0.0.255 any eq 23
access-list 100 permit ip any any
int e0
ip address 192.5.1.1
ip access-group 100 in
My question is why is the list set inbound on the interface? Shouldn't it be set outbound?
Thanks in advance
| |
|
| outbound on E0 would have no affect. the traffic would be coming into E0 and out E1 in order to get to 192.5.2.0. So you have two choices, make it inbound on E0, or outbound on E1. The recommended method is to place the access list closest to the source. Since the source is on E0, you place it inbound on the E0 int. This way, the traffic doesn't have to be processed by the router just to be dropped on E1
| |
|
|
|
|
|