Re: Have a question about this ACL packet tracer

WC142 · ‎11-01-2022

I am doing packet tracer 5.5.1 and I have a question about it. I attached the tracer file if you'd like to look at it. My question is, when you go into the interface to apply the settings you made so like "ip access-group 100 in", how do you know whether it should go in or out? I'm confused since each of the acls have similar directions but for the last acl it's supposed to go out while the first few are in, just want to know why.

NetworkDave · ‎11-01-2022

@WC142,

In or Out is in reference to which direction you want to filter traffic; Do you want the ACL applied to traffic coming into the interface or going out of the interface.

HTH

----------------------------------------------------------------------------------------------------
Remember to mark helpful posts and mark the correct answer as a solution; It helps other users with similar questions.

Martin L · ‎11-01-2022

Direction In is reference to filter incoming traffic whereas Out is for outgoing direction from perspective of the interface of the device. This very much relates to ACL source and Destination fields. I mean it matters how ACL is structured and where to apply it. Note that ACL structure starts with source command (only in case of standard ACL) then destination (in case of Advanced ACL). Other rule is to apply Standard ACL closer to destination place and Advanced ACL as close to source device as possible.

W. Odom CCNA book has some great examples of In/Out. also, You can find some videos on youtube about it.

Regards, ML
**Please Rate All Helpful Responses **