Explorer

Simple ACL Question

OK, simple question, but I have to ask it anyway:

When applying an inbound ACL to a router - does it matter if you apply it to the inside or outside interface?

I have a couple of routers that seem to be configured differently and I'm trying to clean up some of the configs.

One has:

interface FastEthernet0/0.1 (inside)
 encapsulation dot1Q 8 native
 ip dhcp relay information trusted
 ip address x.x.x.x x.x.x.x
 ip access-group 101 in

interface FastEthernet0/1.1 (outside)
 encapsulation dot1Q 4
 ip address x.x.x.x x.x.x.x

Yet another has:

interface FastEthernet0/0.1 (inside)
 encapsulation dot1Q 8 native
 ip dhcp relay information trusted
 ip address x.x.x.x x.x.x.x

interface FastEthernet0/1.1 (outside)
 encapsulation dot1Q 4
 ip address x.x.x.x x.x.x.x
 ip access-group 101 in

Which is correct?

3 REPLIES
Advocate

Re: Simple ACL Question

They are both correct depending on how your access lists are written and what you are trying to block and in what direction.

Explorer

Re: Simple ACL Question

In both examples the ACLs are identical; they are permitting inbound traffic from other sites.

So does that make a difference?

Advocate

Re: Simple ACL Question

Yes, look at the source and destination addresses in the ACLs. If all of the source addresses are on the outside, then the ACL would be applied into the outside interface.
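
Added example, not part of the thread: a Python check that applies the rule from the last reply by reading the permit sources of an extended ACL and reporting which side's interface an inbound access-group belongs on. The addresses, the inside subnet and the function names are constructed for illustration, since the thread masks its real addresses, and only "permit ip" entries with contiguous wildcard masks are handled.

```python
import ipaddress

# Constructed sample (the thread masks its addresses): ACL 101 permits
# traffic from two remote sites to the local LAN.
SAMPLE_ACL = """\
access-list 101 permit ip 10.20.0.0 0.0.255.255 192.168.8.0 0.0.0.255
access-list 101 permit ip 10.30.0.0 0.0.255.255 192.168.8.0 0.0.0.255
access-list 101 deny ip any any log
"""
INSIDE_NET = ipaddress.ip_network("192.168.8.0/24")  # assumed inside subnet

def wildcard_to_network(addr, wildcard):
    """Turn an IOS address + wildcard mask into a network (contiguous masks only)."""
    netmask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)

def take_addr(tokens):
    """Consume one address spec from tokens: any | host A.B.C.D | A.B.C.D WILDCARD."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return wildcard_to_network(head, tokens.pop(0))

def permit_sources(acl_text):
    """Source networks of 'access-list N permit ip SRC DST' lines (other lines skipped)."""
    sources = []
    for line in acl_text.splitlines():
        t = line.split()
        if len(t) >= 6 and t[0] == "access-list" and t[2:4] == ["permit", "ip"]:
            sources.append(take_addr(t[4:]))
    return sources

def inbound_interface(acl_text, inside_net):
    """Side whose interface should carry 'ip access-group N in' for this ACL.

    An inbound ACL filters packets as they enter the router, so the permitted
    sources must sit behind that interface. Returns 'inside', 'outside', or
    'mixed' (sources on both sides, 'any', or no permit entries).
    """
    sides = set()
    for src in permit_sources(acl_text):
        if src.subnet_of(inside_net):
            sides.add("inside")
        elif not src.overlaps(inside_net):
            sides.add("outside")
        else:
            sides.add("mixed")
    return sides.pop() if len(sides) == 1 else "mixed"
```

A result of "mixed" means the ACL cannot be placed by source address alone and its entries need to be reviewed one by one.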