Simple ACL Question

rcoote5902_2
Level 2

Ok simple question but I have to ask it anyway:

When applying an inbound ACL to a router - does it matter if you apply it to the inside or outside interface?

I have a couple of routers that seem to be configured differently and I'm trying to clean up some of the configs.

One has:

! inside
interface FastEthernet0/0.1
 encapsulation dot1Q 8 native
 ip dhcp relay information trusted
 ip address x.x.x.x x.x.x.x
 ip access-group 101 in
!
! outside
interface FastEthernet0/1.1
 encapsulation dot1Q 4
 ip address x.x.x.x x.x.x.x

Yet another has:

! inside
interface FastEthernet0/0.1
 encapsulation dot1Q 8 native
 ip dhcp relay information trusted
 ip address x.x.x.x x.x.x.x
!
! outside
interface FastEthernet0/1.1
 encapsulation dot1Q 4
 ip address x.x.x.x x.x.x.x
 ip access-group 101 in

Which is correct?

3 Replies

acomiskey
Level 10

They are both correct depending on how your access lists are written and what you are trying to block and in what direction.

In both examples the ACLs are identical; they are permitting inbound traffic from other sites.

So does that make a difference?

Yes, look at the source and destination addresses in the ACLs. If all of the source addresses are on the outside, then the ACL would be applied into the outside interface.
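
Added example (not part of the thread and not the posters' configuration): a small Python model of inbound ACL evaluation showing why the same ACL 101 behaves differently on the inside and outside interfaces. The addresses and the single ACL entry are constructed assumptions, since the thread masks the real ones, and matching is simplified to source and destination IP only.

```python
import ipaddress

# Constructed addressing (the thread masks the real values with x.x.x.x).
LAN = ipaddress.ip_network("10.1.8.0/24")      # behind the inside interface
REMOTE = ipaddress.ip_network("10.2.0.0/16")   # other sites, reached via the outside interface

# Hypothetical ACL 101: (action, source network, destination network), read top-down.
ACL_101 = [("permit", REMOTE, LAN)]

def acl_verdict(acl, src, dst):
    """First-match evaluation, ending in the implicit deny every IOS ACL has."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

def arrives_on(src):
    """An inbound ACL only sees packets entering the router on its interface."""
    return "inside" if ipaddress.ip_address(src) in LAN else "outside"

def forward(packet, acl_interface, acl=ACL_101):
    """Router decision for a packet when the ACL is applied 'in' on acl_interface."""
    src, dst = packet
    if arrives_on(src) != acl_interface:
        return "permit"  # the ACL is never consulted for this packet
    return acl_verdict(acl, src, dst)

# Constructed sample packets: (source, destination).
SAMPLE = {
    "remote site -> LAN": ("10.2.5.10", "10.1.8.20"),
    "internet -> LAN": ("198.51.100.7", "10.1.8.20"),
    "LAN -> remote site": ("10.1.8.20", "10.2.5.10"),
}

def compare():
    """Map each sample to (verdict with ACL in on outside, verdict with ACL in on inside)."""
    return {name: (forward(p, "outside"), forward(p, "inside"))
            for name, p in SAMPLE.items()}

if __name__ == "__main__":
    for name, (outside, inside) in compare().items():
        print(f"{name:20} in on outside: {outside:6}  in on inside: {inside}")
```

With the ACL inbound on the inside interface, its permit entry can never match (LAN sources are not in the remote range), so LAN traffic hits the implicit deny while unsolicited outside traffic is not filtered at all.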
