Re: Access-list Question [7:12043]
Its actually one access list per protocol, per direction, per interface. That rule is not violated in your example. The access list you're using inbound is merely the same one you've chosen to bind outbound. Dave ""Ayers, Michael"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Tis is true, why check 2 access lists in either direction? > > One inbound > One outbound > They can be the same, but they usually are different, each tuned to manage > the traffic flowing in the direction applied. Why make a router check lines > inbound that only match outbound traffic? > > > > > -Original Message- > From: Washington Rico [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 11, 2001 5:13 PM > To: [EMAIL PROTECTED] > Subject: Access-list Question [7:12043] > > Is it true that you can have only one access-list per direction per > interface. If so the below configuration be correct or incorrect. > > Thank you for your input. > > interface BRI0/0:1 > description Connection Segment > bandwidth 64 > ip address X.X.X.X 255.255.255.240 > ip access-group 100 in > ip access-group 100 out > no ip directed-broadcast > encapsulation ppp > no keepalive > no cdp enable > _ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > Privileged/Confidential Information may be contained in this message or > attachments hereto. Please advise immediately if you or your employer do > not consent to Internet email for messages of this kind. Opinions, > conclusions and other information in this message that do not relate to the > official business of this company shall be understood as neither given nor > endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12046&t=12043 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access-list Question [7:12043]
Tis is true, why check 2 access lists in either direction? One inbound One outbound They can be the same, but they usually are different, each tuned to manage the traffic flowing in the direction applied. Why make a router check lines inbound that only match outbound traffic? -Original Message- From: Washington Rico [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 5:13 PM To: [EMAIL PROTECTED] Subject:Access-list Question [7:12043] Is it true that you can have only one access-list per direction per interface. If so the below configuration be correct or incorrect. Thank you for your input. interface BRI0/0:1 description Connection Segment bandwidth 64 ip address X.X.X.X 255.255.255.240 ip access-group 100 in ip access-group 100 out no ip directed-broadcast encapsulation ppp no keepalive no cdp enable _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Privileged/Confidential Information may be contained in this message or attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12045&t=12043 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access-list Question [7:12043]
Hi, You have one in and one out. It would seem a bit strange blocking and/or allowing the same stuff in both directions however. Also if you were to monitor your access-list 100 it would not be able to identify which way the data came from easily. Just a thought Teunis, Hobart, Tasmania Australia On Wednesday, July 11, 2001 at 08:12:38 PM, Washington Rico wrote: > Is it true that you can have only one access-list per direction per > interface. If so the below configuration be correct or incorrect. > > Thank you for your input. > > interface BRI0/0:1 > description Connection Segment > bandwidth 64 > ip address X.X.X.X 255.255.255.240 > ip access-group 100 in > ip access-group 100 out > no ip directed-broadcast > encapsulation ppp > no keepalive > no cdp enable > _ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. -- www.tasmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12071&t=12043 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access-list Question [7:12043]
I don't believe this guy will actually implement this configuration. I think he just wants to know if it is theoretically possible. CM > -Original Message- > From: Tony van Ree [mailto:[EMAIL PROTECTED]] > Sent: 12 July 2001 06:56 > To: [EMAIL PROTECTED] > Subject: Re: Access-list Question [7:12043] > > > Hi, > > You have one in and one out. It would seem a bit strange > blocking and/or > allowing the same stuff in both directions however. Also if > you were to > monitor your access-list 100 it would not be able to identify > which way the > data came from easily. > > Just a thought > > Teunis, > Hobart, Tasmania > Australia > > On Wednesday, July 11, 2001 at 08:12:38 PM, Washington Rico wrote: > > > Is it true that you can have only one access-list per direction per > > interface. If so the below configuration be correct or incorrect. > > > > Thank you for your input. > > > > interface BRI0/0:1 > > description Connection Segment > > bandwidth 64 > > ip address X.X.X.X 255.255.255.240 > > ip access-group 100 in > > ip access-group 100 out > > no ip directed-broadcast > > encapsulation ppp > > no keepalive > > no cdp enable > > > __ > ___ > > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. -- www.tasmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12095&t=12043 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
