Hi,
This depends on what you are trying to acheive but under most circumstances
one would tend to block the traffic at the entry point. For example, if it
was traffic from the WAN the block it coming in on the WAN interface. If
however you wanted to see the traffic in the router for some reason then you
might apply the same access-list on the ethernet going out.
So it really depends on what the needs of your access-lists are. Usually on
a 1 WAN port to 1 Ethernet port incoming from the WAN do it as INCOMING on
the WAN port.
Just some long winded thoughts from an older guy.
Teunis,
Hobart, Tasmania
Australia
On Monday, August 13, 2001 at 02:25:48 AM, yusuf ujjainwala wrote:
> I am a network engineer and have been assigned a task of implementing
access
> lists on our routers. I have decided on implementing extended access lists
> permitting specific ports and restricting the other unwanted ports,but I am
> not sure as to where I should apply the access lists ,on the ethernet or
> serial interfaces ,and whether inbound or outbound access lists should be
> applied.
> Can somebody help me .
--
www.tasmail.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15834&t=15830
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
