Category Archives: ACL

ACL and Types

http://www.ttlbits.com/2017/07/back-to-basics-access-lists-and-types.html?lipi=urn%3Ali%3Apage%3Ad_flagship3_feed%3B6NwP5RMhRAWHUcOgg5zR8A%3D%3D

Access Control List (ACL)

Understanding ACLs
Classification – Router also use ACLs to identify particular traffic.
Filtering – You can use ACL as a filter to keep the rest of your network from accessing sensitive data on the finance subnet.

ACL Operation
ACLs operate in two ways:
– Inbound ACLs
– Outbound ACLs

Types of ACL
• Standard – Check the source address of packets that can be routed.
• Extended – Check both the source and destination.

Note: Standard ACL should be applied near to source and Extended near to destination to avoid extra lookups and consumption of bandwidth.

Access Number
1 – 99 or 1300 – 1999 is a Standard IP
100 – 199 or 2000 – 2699 is a Extended IP

ACL Keywords
Any – Used in place of 0.0.0.0 255.255.255.255
Host – Used in place of 0.0.0.0 in the wild card mask

The difference in applying an ACL in or out is pretty easy. When you apply an ACL “in”, the router examines all traffic it RECEIVES on the interface against the ACL.

When you apply an ACL “out” on an interface the router examines any traffic attempting to leave that interface against the ACL.

Also, I take it that your firewall is connected to your interface FastEthernet0/1. ANd also that you are NATing the 192.168.150.0/24 to 192.168.3.100-150 (Overloaded) on this router?

I imagine you are using NAT or PAT on the firewall for 192.168.3.0/24 traffic to access the internet. If you do not want your 192.168.150.0/24 traffic to go to the internet, I suggest removing the NATing on the router.

In–when you are running traffic coming INTO the interface through an ACL.
Out–when you are running traffic leaving the interface through an ACL.

Cisco ACL In and Out Questions


https://community.cisco.com/t5/network-management/ip-access-group-in-vs-out/td-p/620147