Re: About access-list

Wed, 27 Sep 2000 05:51:43 -0700 

You are correct in your assumptions. The only thing that you have to watch
out for it the "any" key word. I usually filter the traffic for a particular
interface if possible. This way you can help prevent spoofing.
Neil
"Raymond Mak" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
>
> Once I apply the extended list on an interface for "IN" traffic, is it
> implicitly block all incoming traffic on that interface?
>
> I also want to know, for example.
> access-list 110 permit tcp any any neq telnet
>
> 1. ip access-group 110 in
> 2. ip access-group 110 out
>
> For 1, the source (any) would be internal network, destination (any) would
> be outside.
> Is it, for 2, the source would be outside network, destination would be
> internal network?
> Am I wrong with this kind of "point of view"?
> Thanks
>
> Raymond
>
>
> Raymond Mak wrote:
>
> > Hi,
> >
> > I am just a beginner. I have a question is that should I need to type
> > any command to "enable" using ip extended access-list?
> > It is because when I add an ip access-group for standard access-list on
> > an interface, it works and no side-effect. But when I add an extended
> > access-list on an interface,
> > I even cannot ping out.
> >
> > Thanks
> >
> > Regards,
> > Raymond
> >
> > **NOTE: New CCNA/CCDA List has been formed. For more information go to
> > http://www.groupstudy.com/list/Associates.html
> > _________________________________
> > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> **NOTE: New CCNA/CCDA List has been formed. For more information go to
> http://www.groupstudy.com/list/Associates.html
> _________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to