[cisco-bba] ACL application
Euan Galloway
euang+cisco-bba at lists.eusahues.co.uk
Thu Dec 16 07:18:17 EST 2010
On Sat, Dec 11, 2010 at 07:56:54PM +1000, Edward avanti wrote:
> Hello all,
>
> I understood that ACL on int's were for transiting traffic and ACL on line was
> for traffic to the router?
Packet has to come through the interface (and therefore any ACL on the interface),
before it gets to any process running on the router (BGP/VTYs/anything else).
> I ask because I could not access the router until I added my home IP to ACL 101
> (the inbound)
> Is this because the external interface fe0 has inbound rules applied?
> For example, fe1 is to our network of servers; I apply ingress rules on fe0,
> which is the SP link. Is this why I was denied?
Yes
>
> Should I invert this all? Have no rules on fe0 and apply the
> network-ingress as an outbound rule on fe1 instead?
Probably not (you would normally drop "as soon as possible", i.e.
ingress).
P.S. Wrong group, nothing to do with bba, although 30 seconds with
Google would have answered faster than posting here.
--
Euan Galloway
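
The two filtering stages discussed in this thread, as an added IOS configuration example that is not part of the original messages. ACL 101 and fe0 come from the thread; every address, the server port, standard ACL 10 and the use of SSH are constructed assumptions (documentation address ranges).

```cisco
! Constructed example: none of these addresses come from the thread.
!   203.0.113.10  = administrator's home IP (assumed)
!   198.51.100.1  = router's own address on fe0 (assumed)
!   192.0.2.0/24  = server network behind fe1 (assumed)
!
! Stage 1: interface ACL. Every packet arriving on fe0 is checked here,
! whether it transits to the servers or is addressed to the router itself.
access-list 101 remark management sessions to the router from the home IP
access-list 101 permit tcp host 203.0.113.10 host 198.51.100.1 eq 22
access-list 101 remark transit traffic towards the servers
access-list 101 permit tcp any 192.0.2.0 0.0.0.255 eq 80
access-list 101 permit tcp any 192.0.2.0 0.0.0.255 established
access-list 101 remark explicit final deny so that drops are logged
access-list 101 deny ip any any log
!
interface FastEthernet0
 description SP link
 ip access-group 101 in
!
! Stage 2: line ACL. Checked only for sessions terminating on the VTYs,
! and only after the packet has already passed the interface ACL above.
access-list 10 permit host 203.0.113.10
access-list 10 deny any log
!
line vty 0 4
 access-class 10 in
 transport input ssh
```

Without the first permit entry in ACL 101, the home IP is dropped at fe0 and never reaches the `access-class` check, which is the lockout described in the question.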