Definition of "IN" in an Access-Group command

[swimclan]

Lets say I make the following config on the e0 interface in my 2524 router:

Router(config-if)# ip access-group 101 in

Does my diagram correctly illustrate "IN" traffic that is going to be filtered by Access-List 101? Meaning IN from the directly connected network as well as IN from the Serial Port side of the router???

Cisco 2524
----------------------
| |
| |
S0 ----> E0 <----(COMPANY ETHERNET)
| |
| |
----------------------

 

[trevorh13]

'IN' with respect to an access list is defined from the routers view point. In other words if traffic is entering your router from e0 we would say that the traffic was coming IN ether0. If traffic was leaving the router onto your ethernet network via e0 we would say the traffic was going OUT of e0. Therefore if you wanted traffic entering the router FROM your ethernet network to be matched against the rule of your access list you would apply the access list to e0 for incoming packets as you specified above.

I hope this answers your question and is of use to you.

 

[trevorh13]

'IN' with respect to an access list is defined from the routers view point. In other words if traffic is entering your router from e0 we would say that the traffic was coming IN ether0. If traffic was leaving the router onto your ethernet network via e0 we would say the traffic was going OUT of e0. Therefore if you wanted traffic entering the router FROM your ethernet network to be matched against the rule of your access list you would apply the access list to e0 for incoming packets as you specified above. If you wanted to filter the traffic coming in s0 and leaving the router via e0 you would need to configure the list as &quot;out&quot;.

I hope this answers your question and is of use to you.