01-29-2020 11:47 AM
Is it proper to configure a router interface with an ACL for In and Out if you don't want that particular traffic to be allowed?
01-29-2020 11:51 AM
It really depends on the nature of the traffic and the direction in which you want to prevent or block the traffic. If it's into the interface, then an inbound ACL; if it's leaving the interface, then an outbound one. Additionally, if an ACL is needed, it's generally a good practice to apply both an in and out ACL to cover all bases.
Hope this helps
01-29-2020 02:41 PM
The answer depends on understanding precisely what you are trying to accomplish. If the goal is to prevent communication between the two subnets, and since most of our IP traffic is bi-directional (hostA sends something to hostB and hostB sends a response to hostA), a single access list would be sufficient to prevent communication (and could be either inbound or outbound). If your goal is to make sure that no traffic from one subnet goes to the other subnet then you would need an access list inbound and another access list outbound.
HTH
Rick
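An added example, not part of the thread and not Cisco code: a small Python model of the distinction drawn in the reply above, comparing one ACL in either direction with ACLs in both directions on the same interface. The subnets, host addresses, rule lists and function names are all constructed assumptions.

```python
"""Constructed model of ACL direction on one router interface."""
from ipaddress import ip_address, ip_network

SUBNET_A = ip_network("10.1.1.0/24")   # assumed: attached to the filtered interface
SUBNET_B = ip_network("10.2.2.0/24")   # assumed: reached through another interface
ANY = ip_network("0.0.0.0/0")

# Each ACL is an ordered list of (action, source net, destination net).
# First match wins; a packet that matches nothing hits the implicit deny.
DENY_A_TO_B = [("deny", SUBNET_A, SUBNET_B), ("permit", ANY, ANY)]
DENY_B_TO_A = [("deny", SUBNET_B, SUBNET_A), ("permit", ANY, ANY)]

def acl_permits(acl, src, dst):
    if acl is None:                      # no ACL applied in this direction
        return True
    for action, src_net, dst_net in acl:
        if ip_address(src) in src_net and ip_address(dst) in dst_net:
            return action == "permit"
    return False                         # implicit deny at the end of every ACL

def forwarded(src, dst, acl_in=None, acl_out=None):
    """True if the router forwards src->dst across the interface facing SUBNET_A."""
    if ip_address(src) in SUBNET_A:      # packet enters the interface: inbound ACL
        return acl_permits(acl_in, src, dst)
    if ip_address(dst) in SUBNET_A:      # packet leaves the interface: outbound ACL
        return acl_permits(acl_out, src, dst)
    return True                          # packet never crosses this interface

def outcome(acl_in=None, acl_out=None, a="10.1.1.10", b="10.2.2.20"):
    a_to_b = forwarded(a, b, acl_in, acl_out)
    b_to_a = forwarded(b, a, acl_in, acl_out)
    return {"A->B delivered": a_to_b, "B->A delivered": b_to_a,
            "two-way conversation": a_to_b and b_to_a}

if __name__ == "__main__":
    cases = [("inbound only", {"acl_in": DENY_A_TO_B}),
             ("outbound only", {"acl_out": DENY_B_TO_A}),
             ("inbound and outbound", {"acl_in": DENY_A_TO_B, "acl_out": DENY_B_TO_A})]
    for name, kwargs in cases:
        print(f"{name:22} {outcome(**kwargs)}")
```

With a single ACL the two-way conversation fails in both cases, yet packets in the unfiltered direction are still delivered; only the pair of ACLs stops traffic in both directions.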
01-29-2020 03:33 PM