Access List- Help

Author

Access List- Help

WOODMAN
Guest

Registered: Not Yet
Location:
Country:
State:
Certifications:
Working on:

Total Posts: N/A

Guys, I need your help!! I can't understand "access-list". I am having trouble mainly on the terminology, ie in/out/permit/deny.
If anyone can help me out, please do. I am using Sybex and also Cisco Press and for some reason I am still having a mental bloc on this topic. Mainly I'm looking for a better reference if there is one. Once I complete this, I'll be ready for the exam.

Thanx Guys,

WoodMan

Thanx

Report this post to a moderator

02-19-01 05:38 PM

IP: Logged

dmaftei
Senior Member
M

Registered: Nov 2000
Location:
Country: USA
State:
Certifications: none
Working on: none

Total Posts: 2156

Try this: http://www.examnotes.net/forums/sho...9&highlight=ACL and let me know if you need clarifications.

Cheers!

Report this post to a moderator

02-19-01 06:22 PM

Click here to Send dmaftei a Private Message

IP: Logged

Guest

Registered: Not Yet
Location:
Country:
State:
Certifications:
Working on:

Total Posts: N/A

Access List

First, I'd like to thank you, dmaftei, for your quick reply to this matter.

I'm still alittle vague as to the terms "in/out" as applied to interfaces.

Any clarification on that will be greatly appreciated.

Thanx Much,

WoodMan

Report this post to a moderator

02-19-01 09:00 PM

IP: Logged

subnet__zero
Member

Registered: Oct 2000
Location: NYC
Country: US
State:
Certifications:
Working on: LMAO

Total Posts: 137

If you check out Lammel's book on pg. 447 (fig. 9.1 on pg. 446) it gives you a pretty straight forward explanation of a simple standard access-list and why to place it on a given port. Follow the commands and the explanation, referring to fig. 9.1
Much easier to follow this than for me to explain it.

Report this post to a moderator

02-20-01 03:40 AM

IP: Logged

dmaftei
Senior Member
M

Registered: Nov 2000
Location:
Country: USA
State:
Certifications: none
Working on: none

Total Posts: 2156

"in" and "out" are relative to the router. Something like:

interface eth0
access-group 11 in
access-group 12 out

means:

- all packets that "enter" the router through interface eth0 are checked against access list 11. If a packet matches a "permit" rule, it is allowed to "enter"; if a packet matches a "deny" rule, or if it does not match any rule (remember the implicit "deny any" at the end of the list), it is dropped.

- all packets that are about to leave the router through interface eth0 are checked against access list 12. The same reasoning as above applies.

Another point to remember is that if you apply an access list that does not exist, all packets will pass (it's like you didn't apply a list at all).

Makes sense?

Report this post to a moderator

02-20-01 04:09 AM

IP: Logged

Yankee
Senior Member

Registered: Jun 2000
Location:
Country: United States
State:
Certifications:
Working on: none

Total Posts: 1411

Draw the typical circle icon for a router with an ethernet interface coming off of it. Now draw an arrow from the ethernet interface "in" to the router. That arrow indicates the direction of the packets that would be effected by the "IN" access list.

An arrow drawn "OUT" from the router to the ethernet would demonstrate the direction of the packets effected by "OUT" access list.

I realize others have stated the same correct info, but sometimes a picture helps visulize the process.

Yankee

Report this post to a moderator

02-21-01 12:25 AM

Click here to Send Yankee a Private Message

IP: Logged

Guest

Registered: Not Yet
Location:
Country:
State:
Certifications:
Working on:

Total Posts: N/A

Thanx Much Guys!! You've all been very, very helpful!!!!

Good Luck to you all in your careers!!!

WoodMan!

Report this post to a moderator

02-21-01 02:35 AM

IP: Logged