Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CCNA Test and ACL's 1

Status
Not open for further replies.

Dane0554

IS-IT--Management
Jun 6, 2006
28
US

Hopefully simple question for someone that has just passed CCNA - I've tried a couple of practice test and I always seem to get hung up on ACL's. It's not that I can't write or read them, but I seem to always trip up on what interface to place them on, seems like I always choose to apply them on the in interface and usually (according to practice test) I should be applying them out.

Does anyone have a handy rule of thumb for this?

Thanks,
Dan
 
standard access list- apply closest to the destination
extended access list- apply cloeset to the source

access group apply on the the interface

 
The way I think of how to apply in-bound vs. out-bound, is if I have a router with 5 connections. A packet is received on interface 1, I want interfaces 2,3,and 4 to transmit it, but I don't want interface 5 to. So then I'd setup a blocking ACL and apply outbound to Interface 5.

On the flip side, let's say you have a worm outbreak and you want to deny all the traffic that one device is creating because of it. You can set an acl inbound to the interface that the traffic would be generated from.

Hope that helps.
 
Really take the time to study them so they are second nature. The best Cisco instructor I ever met puts it like this: "After you set up the management and configure the connections, everything else with Cisco is access-lists."

lerdalt, your answer could not bettered if you tried.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top