jskfan
asked on
applying Access lists
If I understand:
When applying access list to interfaces, we apply the standard access list at the destination interface
we apply the extended access list at source interface or may be both.
Router(config-if)# ip access-group AccessListName out
My question is:
- if we have 2 routers routerA and RouterB both have 3 interfaces, but directly connected through one interface.
we need to apply an access list to block SMTP traffic from router A to routerB
and we need to block all traffic from host 192.168.1.45 located behind routerB network and going to routerA
how can we configure access lists?
thanks
If all you're trying to do is control access on the link between the two routers, then you could apply the standard ACL outbound on one router and the extended ACL inbound on the other.
ASKER
we need to apply an access list to block SMTP traffic from router1 to router2
and we need to block all traffic from host 192.168.1.45 located behind router2 network and going to router1.
how do you write the command line to achieve that?
ASKER
Could you please specify which int e2 you are applying the access lists to? Is it the e2 on router1 or e2 on router2?
A router can only have one ethernet 2 interface.
ASKER
in the diagram both routers have e0,e1,e2
can you tell me to which e2 did you apply the access list?
If you look at my comment where I posted the config, you will see "The following would be done on Router 1"
ASKER
sorry I did not see it.
The purpose of posting this question was to understand when and where to use the "in" and "out " at the interface level.
in your case you applied :
Extended access list at the source router Router1 (e2) to prevent any SMTP traffic to go to Router2
Standard Access list at the destination router Router1 (e2) to prevent the traffic from 192.168.1.45 to come in through e2.
Is there any rule to follow in order to know to which interface the access list should be applied to?
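The placement summarised in the comment above (extended ACL outbound and standard ACL inbound on Router1's e2), written out as an added example; it is not a config posted by anyone in this thread. It assumes e2 is Router1's link toward Router2, and the ACL numbers 101 and 10 are arbitrary choices.

```cisco
! Added example for Router1 (not from the thread).
! Assumptions: Ethernet2 is the link toward Router2; ACL numbers are arbitrary.
!
! Extended ACL (100-199): can match protocol and destination port,
! so it can single out SMTP (TCP port 25) and leave other traffic alone.
access-list 101 deny   tcp any any eq smtp
access-list 101 permit ip any any
!
! Standard ACL (1-99): matches on source address only,
! which is enough to drop everything from one host.
access-list 10 deny   host 192.168.1.45
access-list 10 permit any
!
interface Ethernet2
 ! "out": checked as packets leave Router1 on e2 toward Router2
 ip access-group 101 out
 ! "in": checked as packets arrive on e2 from Router2
 ip access-group 10 in
!
! Every ACL ends with an implicit "deny any", hence the explicit permit lines.
! An outbound ACL filters traffic passing through the router; packets that
! the router itself originates are not checked against it.
! One ACL per interface, per direction, per protocol can be applied.
```

After applying, `show access-lists` shows per-entry match counters and `show ip interface Ethernet2` shows which list is bound inbound and outbound.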