Hi,
Once I apply the extended list on an interface for "IN" traffic, is it
implicitly block all incoming traffic on that interface?
I also want to know, for example.
access-list 110 permit tcp any any neq telnet
1. ip access-group 110 in
2. ip access-group 110 out
For 1, the source (any) would be internal network, destination (any) would
be outside.
Is it, for 2, the source would be outside network, destination would be
internal network?
Am I wrong with this kind of "point of view"?
Thanks
Raymond
Raymond Mak wrote:
> Hi,
>
> I am just a beginner. I have a question is that should I need to type
> any command to "enable" using ip extended access-list?
> It is because when I add an ip access-group for standard access-list on
> an interface, it works and no side-effect. But when I add an extended
> access-list on an interface,
> I even cannot ping out.
>
> Thanks
>
> Regards,
> Raymond
>
> **NOTE: New CCNA/CCDA List has been formed. For more information go to
> http://www.groupstudy.com/list/Associates.html
> _________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
