2960-X ACL/Out

I have Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(2)E3, RELEASE SOFTWARE (fc3)

and I created an access-list to prevent my network from accessing 4 other networks, the 4-networks I can not access the SWs.

When I tried to configure the access-group on my interface, there was no "out" option, only the "in" option:

X-LAB(config)#int gig 1/0/47
X-LAB(config-if)#ip acc
X-LAB(config-if)#ip access-group 101 ?
  in  inbound packets

 

Is there any option with which I can activate the outbound option on the interface?

Accepted Solutions

georgehewittuk1
Level 1

Switchports (as they are L2) only support inbound access-lists which is why you can't configure outbound.

 

If you can share the configuration and design of your network a little more it would be easier to advise where is most optimal to put your access-list. But from what you have shared applying inbound to this interface would give you your desired results i.e. no communication to 'other' networks.

 

edit: "Extended Access Control List (ACL) can filter the traffic based on many factors like source IP address, destination IP address, Protocol, TCP or UDP port numbers etc.

Since an Extended Access Control List (ACL) can filter the IP datagram packet based on the destination IP address, it must be placed on the router which is near to the source network/host. If we place the Extended Access Control List (ACL) near to destination, the unwanted traffic may consume the bandwidth till destination, and the unwanted traffic will get filtered finally near destination." http://www.omnisecu.com/cisco-certified-network-associate-ccna/where-should-an-extended-access-control-list-acl-be-placed.php

 

Reasoning for why we apply on the 'inbound' as soon as we can.
