Applying access lists

If I understand:

When applying access lists to interfaces, we apply the standard access list at the destination interface;
we apply the extended access list at the source interface, or maybe both.

Router(config-if)# ip access-group AccessListName out

My question is:
- If we have 2 routers, RouterA and RouterB, both have 3 interfaces but are directly connected through one interface.
We need to apply access lists to block SMTP traffic from RouterA to RouterB,
and we need to block all traffic from a host located behind the RouterB network and going to RouterA.

How can we configure the access lists?

Don Johnston (Instructor) commented:
The following would be done on Router 1

access-list 1 deny
access-list 1 permit any
access-list 101 deny tcp any any eq 25
access-list 101 permit ip any any
int e2
 ip access-group 101 out
 ip access-group 1 in

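How the config above behaves on Router 1's e2, modelled as an added example that is not part of the original answer: entries are checked top-down, the first match decides, and a packet that matches nothing hits the implicit deny. The `access-list 1 deny` line on the page has no source address, so `BEHIND_R2` (192.0.2.0/24) is a constructed stand-in for the network behind Router 2; the `Entry`, `evaluate` and `e2_verdict` names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
# Assumption: constructed placeholder for the source missing from "access-list 1 deny".
BEHIND_R2 = ipaddress.ip_network("192.0.2.0/24")

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: int = 0

@dataclass
class Entry:
    action: str                   # "permit" or "deny"
    src: object = ANY             # a standard ACL can only set this field
    proto: str = "ip"             # "ip" matches every protocol
    dst: object = ANY
    dport: Optional[int] = None   # None = any destination port

    def matches(self, p):
        return (self.proto in ("ip", p.proto)
                and ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst
                and self.dport in (None, p.dport))

def evaluate(acl, pkt):
    """First matching entry decides; no match falls through to the implicit deny."""
    for entry in acl:
        if entry.matches(pkt):
            return entry.action
    return "deny"

# access-list 1 (standard) and access-list 101 (extended) from the answer.
ACL_1 = [Entry("deny", src=BEHIND_R2), Entry("permit")]
ACL_101 = [Entry("deny", proto="tcp", dport=25), Entry("permit")]

# Router 1, interface e2: "ip access-group 101 out" and "ip access-group 1 in".
E2 = {"out": ACL_101, "in": ACL_1}

def e2_verdict(direction, pkt):
    """'out' = packet leaving Router 1 via e2; 'in' = packet arriving on e2."""
    return evaluate(E2[direction], pkt)
```

Direction is always relative to the router that owns the interface, so SMTP arriving on e2 is judged only by ACL 1 and is not touched by ACL 101.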

Don Johnston (Instructor) commented:
If all you're trying to do is control access on the link between the two routers, then you could apply the standard ACL outbound on one router and the extended ACL inbound on the other.

jskfan (Author) commented:
Here is the diagram:

jskfan (Author) commented:
We need to apply access lists to block SMTP traffic from router1 to router2,
and we need to block all traffic from a host located behind the router2 network and going to router1.
How do you write the command line to achieve that?

jskfan (Author) commented:
Could you please specify which int e2 you are applying the access lists to? Is it the e2 on router1 or e2 on router2?

Don Johnston (Instructor) commented:
A router can only have one ethernet 2 interface.

jskfan (Author) commented:
In the diagram both routers have e0, e1, e2.
Can you tell me to which e2 you applied the access list?

Don Johnston (Instructor) commented:
If you look at my comment where I posted the config, you will see "The following would be done on Router 1"

jskfan (Author) commented:
Sorry, I did not see it.

The purpose of posting this question was to understand when and where to use "in" and "out" at the interface level.

In your case you applied:
Extended access list at the source router Router1 (e2) to prevent any SMTP traffic from going to Router2
Standard access list at the destination router Router1 (e2) to prevent the traffic from  to come in through e2.
Is there any rule to follow in order to know which interface the access list should be applied to?

Question has a verified solution.
