
Standard ACLs: CCNA ICND-2 Official Study Guide: Error Mine or Book's?

CharlesMolnar
Level 1

Good evening.

The book in question is the CCNA ICND-2 Official Study Guide from Cisco Press, 2nd edition, copyright 2008 by Wendell Odom.  Specifically I'm referencing an example of standard ACL configuration, the example situation found on pages 241 through 243.

The criteria for the access lists state that Sam should not be allowed access to Bugs or Daffy; the implemented solution simply denies all outbound traffic from Sam on the Yosemite router.  Wouldn't this also prevent Sam from accessing resources on 10.1.30?  Wouldn't a better solution be to implement an outbound ACL on Albuquerque E0 to deny Sam access to the 10.1.1.0 subnet, like this?

interface ethernet 0
ip access-group 1 out
^Z
access-list 1 remark Denies access only to Sam
access-list 1 deny host 10.1.2.1
access-list 1 permit any

Maybe I'm reading the example entirely wrong, which is possible: it's pretty late here!  Any feedback would be greatly appreciated.

1 Reply 1

Ganesh Hariharan
VIP Alumni

Hi,

Just some basic information on the ACL working flow, hope it will be helpful in deploying the ACL in your scenario.

An access-list can be assigned to an interface in two directions:

- INput
- OUTput

Router(config)# int fa 0/0
Router(config-if)# ip access-group 100 in
Router(config-if)# ip access-group 101 out

An access-list that was assigned to an interface in the INput direction will be applied to packets that are coming to that interface.

An access-list that was assigned to an interface in the OUTput direction will be applied to packets that are leaving through that interface.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post
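
The placement and direction rules discussed in this thread, as an added Python model (not code from the book or from either poster): it evaluates the standard ACL from the question, which matches on source address only, with first-match and implicit-deny semantics, at two different placements. Interface names other than Albuquerque E0, the third router "Other", and the hop lists are assumptions made for illustration.

```python
import ipaddress

# Standard ACL 1 from the question, as (action, address, wildcard mask).
ACL_1 = [
    ("deny", "10.1.2.1", "0.0.0.0"),           # access-list 1 deny host 10.1.2.1
    ("permit", "0.0.0.0", "255.255.255.255"),  # access-list 1 permit any
]
SAM = "10.1.2.1"

def acl_action(acl, src):
    """First matching entry wins; a standard ACL looks only at the source IP."""
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return action
    return "deny"  # implicit deny at the end of every ACL

def forwarded(path, bindings, src):
    """path: (router, interface, direction) hops the packet crosses.
    bindings: {(router, interface, direction): acl}, i.e. ip access-group."""
    for hop in path:
        acl = bindings.get(hop)
        if acl is not None and acl_action(acl, src) == "deny":
            return False
    return True

# Assumed hop lists (constructed); only Yosemite and Albuquerque E0 are named in the thread.
TO_BUGS = [("Yosemite", "S0", "out"), ("Albuquerque", "S0", "in"),
           ("Albuquerque", "E0", "out")]
TO_OTHER = [("Yosemite", "S1", "out"), ("Other", "S0", "in"), ("Other", "E0", "out")]

# Placement described in the question, modelled (assumption) as outbound on both
# Yosemite serial links, versus the placement the question proposes instead.
AT_YOSEMITE = {("Yosemite", "S0", "out"): ACL_1, ("Yosemite", "S1", "out"): ACL_1}
AT_ALBUQUERQUE = {("Albuquerque", "E0", "out"): ACL_1}

def reachability(bindings, src=SAM):
    """Which destination subnets a packet from src can still reach."""
    return {"bugs_subnet": forwarded(TO_BUGS, bindings, src),
            "other_subnet": forwarded(TO_OTHER, bindings, src)}

if __name__ == "__main__":
    print("ACL outbound on Yosemite:      ", reachability(AT_YOSEMITE))
    print("ACL outbound on Albuquerque E0:", reachability(AT_ALBUQUERQUE))
```

Because a standard ACL cannot match on destination, where it is bound is the only way to scope what it blocks.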
