07-26-2011 03:02 AM - edited 03-07-2019 01:24 AM
Hi,
I have applied the following ACL to interface vlan 10 in the inward direction.
access-list 121 deny ip 10.86.60.0 0.0.0.127 any log
interface vlan 10
ip access-group 121 in
I tried to open google.com from 10.86.60.5, but it is denied.
Here I have denied traffic from the internet to my LAN, so how come it is denying traffic from the LAN to the internet?
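As an added illustration (not part of the thread; addresses and interface names other than those in the post are constructed): a small Python model of how an ACL applied `in` on an SVI is evaluated. The inbound list inspects packets arriving on vlan 10 from its own hosts, so a source of 10.86.60.5 hits the deny entry, while return traffic from the internet leaves through vlan 10 and is not what `in` inspects. It also shows the implicit deny that ends every ACL.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit in the mask must match, a 1 bit is ignored."""
    care = 0xFFFFFFFF ^ int(IPv4Address(wildcard))
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)


@dataclass
class Ace:
    action: str               # "permit" or "deny"
    src: str
    src_wild: str
    dst: str                  # "any" or a base address
    dst_wild: str = "0.0.0.0"


# Modelled from the post: access-list 121 deny ip 10.86.60.0 0.0.0.127 any log
ACL_121 = [Ace("deny", "10.86.60.0", "0.0.0.127", "any")]


def evaluate(acl: list, src: str, dst: str) -> str:
    """First matching entry wins; an ACL with no match ends in an implicit deny."""
    for ace in acl:
        src_ok = wildcard_match(src, ace.src, ace.src_wild)
        dst_ok = ace.dst == "any" or wildcard_match(dst, ace.dst, ace.dst_wild)
        if src_ok and dst_ok:
            return ace.action
    return "deny"  # implicit deny at the end of every ACL


def filter_on_interface(acl: list, direction: str, pkt_src: str, pkt_dst: str,
                        ingress_if: str, egress_if: str, acl_if: str = "vlan 10") -> str:
    """'in' checks packets arriving ON acl_if (sent by its hosts);
    'out' checks packets leaving THROUGH acl_if. Anything else is not checked."""
    if direction == "in" and ingress_if == acl_if:
        return evaluate(acl, pkt_src, pkt_dst)
    if direction == "out" and egress_if == acl_if:
        return evaluate(acl, pkt_src, pkt_dst)
    return "not evaluated"


if __name__ == "__main__":
    # LAN host to a constructed internet address: enters on vlan 10, denied by line 1
    print(filter_on_interface(ACL_121, "in", "10.86.60.5", "203.0.113.10", "vlan 10", "gi0/1"))
    # Reply from the internet: arrives on the uplink, leaves via vlan 10, so "in" never sees it
    print(filter_on_interface(ACL_121, "in", "203.0.113.10", "10.86.60.5", "gi0/1", "vlan 10"))
```

Note that a host outside the /25, such as 10.86.60.130, is also denied inbound: the list has no permit entry, so the implicit deny catches everything the first line does not.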
07-26-2011 08:28 PM
Hi,
Now I understand it.
Thank you all
07-26-2011 09:26 PM
Hi Doug Wolfe
Just about your statement about ACLs: it is not correct, because you might have a LAN interface connected to a routed network, and you can source the ACL from any L3 IP, with or without an L4 port, for packet filtering.
In other words, it does not have to be the same as the source interface IP, as with L3 the IP address is preserved when it passes through any routed network unless it gets NATed.
HTH
07-27-2011 08:52 AM
Well, as I said, I took this from Cisco's own website. I think it is a general rule, and maybe there are circumstances where it does not work, but it has helped me a great deal in remembering where and in what direction to apply the ACLs.
Doug