Question : DIFFERENCE BETWEEN STANDARD & EXTENDED ACL'S QUERY

im wishing to add my master dc to the network on a basic rip/ver1 network, but not until ive clarified below:  according to my book it states: can anyone give me advice because im confused!!!!

rules:
1. standard acl's - should be added on the router closest to the destination
2. extended acl's - should be added on the router closest to the source

my config below shows that both standard & extended acl's are both on my vista router being the source.  ive also carried out an extended ping command and 10/net cannot ping 192.168.3.2 and this i agree, but if the rules are as above why is the standard acl working as my acl's are at the source, or are the rules the wrong way round?
-----------------------------------------------
Building configuration...

Current configuration : 726 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VISTA
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
 ip address 192.168.3.1 255.255.255.0
 ip access-group 50 out
!
interface Serial0
 ip address 192.168.1.1 255.255.255.0
 clock rate 56000
 no fair-queue
!
interface Serial1
 ip address 192.168.2.1 255.255.255.0
 clock rate 56000
!
router rip
 version 1
 network 192.168.1.0
 network 192.168.2.0
 network 192.168.3.0
!
no ip http server
no ip classless
!
!
access-list 50 deny   10.0.0.0 0.0.0.255
access-list 50 permit any
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
!
end

VISTA#
----------------------------------------------
Building configuration...

Current configuration : 606 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SANJOSE1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0
!
interface Serial0
 ip address 192.168.1.2 255.255.255.0
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
router rip
 version 1
 network 10.0.0.0
 network 192.168.1.0
!
no ip http server
no ip classless
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
end

SANJOSE1#
----------------------------------------
Building configuration...

Current configuration : 624 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SANJOSE2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
 ip address 10.0.0.2 255.255.255.0
!
interface Serial0
 ip address 192.168.2.2 255.255.255.0
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
router rip
 version 1
 network 10.0.0.0
 network 192.168.2.0
!
no ip http server
no ip classless
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
!
end

SANJOSE2#

Answer : DIFFERENCE BETWEEN STANDARD & EXTENDED ACL'S QUERY

Those aren't actually "rules". They are more like guidelines. The ACL is placed where it will accomplish the goals.


Random Solutions  
 
programming4us programming4us