CCNA Test and ACL's 1

[Dane0554]

Hopefully simple question for someone that has just passed CCNA - I've tried a couple of practice test and I always seem to get hung up on ACL's. It's not that I can't write or read them, but I seem to always trip up on what interface to place them on, seems like I always choose to apply them on the in interface and usually (according to practice test) I should be applying them out.

Does anyone have a handy rule of thumb for this?

Thanks,
Dan

 

[rmcp2k]

standard access list- apply closest to the destination
extended access list- apply cloeset to the source

access group apply on the the interface

 

[lerdalt]

The way I think of how to apply in-bound vs. out-bound, is if I have a router with 5 connections. A packet is received on interface 1, I want interfaces 2,3,and 4 to transmit it, but I don't want interface 5 to. So then I'd setup a blocking ACL and apply outbound to Interface 5.

On the flip side, let's say you have a worm outbreak and you want to deny all the traffic that one device is creating because of it. You can set an acl inbound to the interface that the traffic would be generated from.

Hope that helps.

 

[GM2005]

Really take the time to study them so they are second nature. The best Cisco instructor I ever met puts it like this: "After you set up the management and configure the connections, everything else with Cisco is access-lists."

lerdalt, your answer could not bettered if you tried.