09-19-2018 02:24 AM - edited 03-08-2019 04:11 PM
09-19-2018 02:43 AM - edited 09-19-2018 02:44 AM
Hello,
If my understanding is correct, you applied this ACL to the switch interface where the router is connected, on the inbound side. If the IP x.x.x.x resides behind the router, the traffic "ip any x.x.x.x 0.0.0.0" will never hit that rule, as the ACL will be inspected across traffic from the internet to your servers. If you want to deny that traffic, you should use the rule "ip x.x.x.x 0.0.0.0 any". Note: this will block returning traffic from the host, but traffic from your internal clients will still be able to reach that external resource.
If you need to block any type of traffic to that host put the ACL on the router.
Regarding the in/out option, it depends on the switch hardware architecture. Not all switches have TCAM that can support both sides.
HTH,
ADP
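The direction point in the answer above, as an added example that is not part of the thread: a small Python model of Cisco wildcard-mask matching and ACL direction. The addresses (203.0.113.10 standing in for x.x.x.x, 192.0.2.20 as the internal server) and the permit-any second entry are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Ace:
    """One entry in Cisco 'ip <src> <src-wildcard> <dst> <dst-wildcard>' form."""
    action: str
    src: str
    src_wc: str
    dst: str
    dst_wc: str


ANY = ("0.0.0.0", "255.255.255.255")  # Cisco 'any': address 0.0.0.0, all-ones wildcard


def _wc_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit in the wildcard must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    keep = ~w & 0xFFFFFFFF
    return (a & keep) == (b & keep)


def evaluate(acl: List[Ace], src: str, dst: str) -> str:
    """First matching entry wins; every Cisco ACL ends with an implicit deny."""
    for ace in acl:
        if _wc_match(src, ace.src, ace.src_wc) and _wc_match(dst, ace.dst, ace.dst_wc):
            return ace.action
    return "deny"


def on_port(acl: List[Ace], applied: str, pkt_dir: str, src: str, dst: str) -> str:
    """An ACL applied 'in' only sees packets entering the port; 'out' only those leaving it."""
    return evaluate(acl, src, dst) if applied == pkt_dir else "not inspected"


# Constructed sample addresses; EXTERNAL_HOST stands in for the thread's x.x.x.x.
EXTERNAL_HOST = "203.0.113.10"
INTERNAL_SERVER = "192.0.2.20"

ACL_AS_POSTED = [Ace("deny", *ANY, EXTERNAL_HOST, "0.0.0.0"), Ace("permit", *ANY, *ANY)]
ACL_SUGGESTED = [Ace("deny", EXTERNAL_HOST, "0.0.0.0", *ANY), Ace("permit", *ANY, *ANY)]


def inbound_from_internet(acl: List[Ace]) -> str:
    """Packet from the external host toward the server, entering the router-facing port."""
    return on_port(acl, "in", "in", EXTERNAL_HOST, INTERNAL_SERVER)


def client_toward_internet(acl: List[Ace]) -> str:
    """Packet from an internal host to the external host leaves the port; an inbound ACL never sees it."""
    return on_port(acl, "in", "out", INTERNAL_SERVER, EXTERNAL_HOST)
```

Inbound traffic from the external host has it as the source, so only the "ip x.x.x.x 0.0.0.0 any" form matches; traffic the internal host originates never traverses an inbound ACL at all.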
09-19-2018 06:14 AM - edited 09-19-2018 06:19 AM
Thanks for the response.
The x.x.x.x is an address on the Internet and the ACL was supposed to filter inbound traffic. Although the reverse seems to work, the essence of "OUT" is to filter that rule, but applying rules as "IN" is better.
Once again thanks.