











Inbound or Outbound Access-list
bhatok
Inbound or Outbound Access-list
When applying an access-list to an interface, how do you know if it should be inbound or outbound? I've read over this many times and I'm missing something. Can someone explain the difference? The book I'm reading says:
Inbound Access List - Packets are processed through the access-list before being routed to the outbound interface.
Outbound Access List - Packets are routed to the outbound interface and then processed through the access-list.
Can anybody explain ????
Thanks
Brandon
01-27-02 03:30 AM
wbafrank
Access Lists
This may help:
For some protocols, you can apply up to two access lists to an interface: one inbound access list and one outbound access list. With other protocols, you apply only one access list which checks both inbound and outbound packets.
If the access list is inbound, when the router receives a packet, the Cisco IOS software checks the access list's criteria statements for a match. If the packet is permitted, the software continues to process the packet. If the packet is denied, the software discards the packet.
If the access list is outbound, after receiving and routing a packet to the outbound interface, the software checks the access list's criteria statements for a match. If the packet is permitted, the software transmits the packet. If the packet is denied, the software discards the packet.
__________________
One Exam leads to another! Where will it ever end?
01-27-02 04:23 AM
bhatok
01-27-02 04:39 AM
CyDiver
Layman's terms
Let me see if I can put this so you understand.
Let's say you have a router with only two interfaces...inbound and outbound... then if you are applying an access list to deny traffic, it would make more sense to put it on the inbound interface, as this saves router resources as the packet is dropped immediately and not routed. Inbound access-lists affect the router as a whole.
Now if the router has more than two interfaces the above might not work unless you want to block traffic to all possible outbound interfaces. If you want to block traffic to only one subnet then this is where your access list will be applied on the particular interface as outbound. In this way if the traffic is destined for another of the router's subnets then the packet is routed there.
Hope this helps!!!
__________________
Cy...
01-27-02 08:08 AM
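An added illustration, not part of any post in this thread: a small Python model of the processing order described in the replies above (inbound list checked before routing, outbound list checked after routing). The three-interface topology, the addresses and the function names are constructed for the example; it models standard (source-only) ACLs with the implicit deny at the end.

```python
from ipaddress import ip_address, ip_network

# Constructed topology (assumption): three-interface router, one subnet per interface.
ROUTES = {"e0": ip_network("10.0.0.0/24"),
          "e1": ip_network("10.0.1.0/24"),
          "e2": ip_network("10.0.2.0/24")}

def acl_permits(acl, src):
    """Standard ACL: first entry whose source matches decides; implicit deny at the end."""
    for action, net in acl:
        if ip_address(src) in ip_network(net):
            return action == "permit"
    return False

def forward(in_if, src, dst, acls):
    """Return (verdict, trace). acls maps (interface, 'in' | 'out') to a list of entries."""
    trace = []
    acl = acls.get((in_if, "in"))
    if acl is not None:
        trace.append(f"acl-in:{in_if}")
        if not acl_permits(acl, src):
            return "dropped", trace      # discarded before any route lookup
    out_if = next((i for i, n in ROUTES.items() if ip_address(dst) in n), None)
    trace.append(f"route:{out_if}")
    if out_if is None:
        return "dropped", trace          # no route to the destination
    acl = acls.get((out_if, "out"))
    if acl is not None:
        trace.append(f"acl-out:{out_if}")
        if not acl_permits(acl, src):
            return "dropped", trace      # routed first, then discarded
    return "forwarded", trace

# Same entries, applied in two different places (constructed sample data).
BLOCK_HOST = [("deny", "10.0.0.5/32"), ("permit", "0.0.0.0/0")]
INBOUND = {("e0", "in"): BLOCK_HOST}     # like "ip access-group N in" on e0
OUTBOUND = {("e1", "out"): BLOCK_HOST}   # like "ip access-group N out" on e1

if __name__ == "__main__":
    for name, acls in (("inbound on e0", INBOUND), ("outbound on e1", OUTBOUND)):
        for dst in ("10.0.1.9", "10.0.2.9"):
            print(name, dst, forward("e0", "10.0.0.5", dst, acls))
```

Applied inbound on e0, the list stops the host from reaching every other subnet and the route lookup never happens; applied outbound on e1, the same list only stops traffic leaving toward that one subnet.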
Hippo
bhatok
I answered a very similar question some time ago. Here's my reply; hope it helps.
Hiya
Access-lists are defined on the router. Take a standard IP access-list for example:
RouterA(config)#access-list 10 permit 172.16.100.10
Standard ACLs are defined by source IP address. This example ACL will permit traffic from host 172.16.100.10 INTO the router. When it is applied to an interface as follows:
RouterA(config)#int e0
RouterA(config-if)#ip access-group 10 in, or
RouterA(config-if)#ip access-group 10 out
the keyword 'in' means PERMIT traffic FROM this SOURCE HOST, INTO int e0 (from the router), and
the keyword 'out' means PERMIT traffic FROM this SOURCE HOST, TO GO OUT OF int e0 (into the router).
Todd Lammle covers this subject well in chapter 9 of his study guide.
Cheers
Hippo

__________________
No longer a Karaoke virgin
01-27-02 10:01 AM
bhatok
You guys definitely got that one clear for me. Much appreciated!!!
I get better results on here than I do from school !!
Thanks a lot
01-28-02 01:46 AM