July 27th, 2006, 03:22 PM
#1
Junior Member
Cisco ACL in/out question
When working with Cisco ACLs, the access-groups are applied to individual interfaces.
int s0
access-group 101 in
access-group 102 out
My understanding is that "in" is always traffic going towards the router, and "out" is always traffic going away from the router. Like this:
in = leaving the              out = leaving the company
private network               going to the Internet
---------------->             ----------------------->
                 ----------
              e0 | router | s0
                 ----------
out = entering the            in = coming into the
private network               company from the Internet
<--------------               <----------------------
So packets from the internal network to the Internet are "in" on e0 and "out" on s0.
Are my assumptions of in/out correct?
Also, can you split the in/out between interfaces like this:
int s0
access-group 101 in
int e0
access-group 102 in
Or should they be applied to the same interface?
Thanks
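
The packet path described in the post, as an added example that is not part of the original post: a small Python model of which access-group a transit packet is checked against under each of the two configurations. Interface names and ACL numbers come from the post; the address plan, the ACL entries and the function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")  # constructed: private network behind e0

# Constructed ACL entries: (action, source network, destination network)
ACLS = {
    101: [("permit", "0.0.0.0/0", "10.0.0.0/8")],   # Internet -> company
    102: [("permit", "10.0.0.0/8", "0.0.0.0/0")],   # company -> Internet
}
SAME_INTERFACE = {("s0", "in"): 101, ("s0", "out"): 102}  # first config in the post
SPLIT = {("s0", "in"): 101, ("e0", "in"): 102}            # second config in the post

def egress_interface(dst):
    """Toy routing table: the inside prefix is reached via e0, everything else via s0."""
    return "e0" if ip_address(dst) in INSIDE else "s0"

def acl_permits(acl, src, dst):
    """First match wins; no match falls through to the implicit deny ending every ACL."""
    for action, src_net, dst_net in acl:
        if ip_address(src) in ip_network(src_net) and ip_address(dst) in ip_network(dst_net):
            return action == "permit"
    return False

def forward(bindings, arrived_on, src, dst):
    """Return (verdict, [(interface, direction, acl), ...]) for a packet routed through."""
    checks = []
    out_if = egress_interface(dst)
    # "in" is evaluated on the arrival interface before routing,
    # "out" on the exit interface after routing.
    for iface, direction in ((arrived_on, "in"), (out_if, "out")):
        number = bindings.get((iface, direction))
        if number is None:
            continue  # no access-group bound in that direction: nothing filtered there
        checks.append((iface, direction, number))
        if not acl_permits(ACLS[number], src, dst):
            return "drop", checks
    return "forward", checks

if __name__ == "__main__":
    for name, cfg in (("same interface", SAME_INTERFACE), ("split", SPLIT)):
        print(name, forward(cfg, "e0", "10.1.1.5", "198.51.100.7"))
        print(name, forward(cfg, "s0", "198.51.100.7", "10.1.1.5"))
```

Both layouts check the same ACL for each direction of travel; the split layout checks company-to-Internet traffic as it arrives on e0, before the routing lookup, rather than as it leaves s0.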