Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
487
Views
0
Helpful
2
Replies

Extended Access-list and Access-group

kjanakiraman
Level 1
Level 1

‎08-22-2002 12:10 AM - edited ‎03-02-2019 12:50 AM

I am getting confused with access-list and the access-group applying on an interface

Suppose my inside ip address x.x.x.x with subnet 255.255.255.0 and my internal web server with ip address x.x.x.x1 which should be accessed only by our remove office and their network is y.y.y.y. I create access-list like

access-list 101 permit ip y.y.y.y 255.255.255.0 host x.x.x.x1 which permit only the y subnet. That is fine. Now this access-list for the incomming request to the router serial interface.

Should the access-group command be access-group 101 in. Is this correct.

Like wise i do not want my x.x.x.x network to access z.z.z.z network i create access-list

access-list 102 deny ip x.x.x.x 255.255.255.0 z.z.z.z 255.255.255.0 . In this source is my network address and the the destination is outside and i create access group in serial interface like

access-group 102 out

Will this command work. Since some time when i give access-list and apply to any interface the communication with the router goes and i have to physically reboot the router to load in old configuration. this inbound and outbound with router's serial and ethernet interface confuses me a lot. Is there any good link for this or some one can explain me about this.

Thanks in Advance

Labels:
0 Helpful
2 Replies 2

ciscomoderator
Community Manager
Community Manager

‎08-29-2002 06:21 PM

Often times complex troubleshooting issues are best addressed in an interactive session with one of our trained technical assistance engineers. While other forum users may be able to help, it's often difficult to do so for this type of issue.

To utilize the resources at our Technical Assistance Center, please visit http://www.cisco.com/tac and to open a case with one of our TAC engineers, visit http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

0 Helpful

hmurthy
Level 1
Level 1

‎09-06-2002 10:33 PM

With access-group in you are controlling all the traffic that is coming into the router through that interfce .

If you are applying the access-group out that is effective for traffic going out of that interfce , i.s you want to control the traffic only going out through that interface.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfip.htm#30857

- Hari Murthy

0 Helpful
Customers Also Viewed These Support Documents