Microsoft
Software
Hardware
Network
Question : DIFFERENCE BETWEEN STANDARD & EXTENDED ACL'S QUERY
im wishing to add my master dc to the network on a basic rip/ver1 network, but not until ive clarified below: according to my book it states: can anyone give me advice because im confused!!!!
rules:
1. standard acl's - should be added on the router closest to the destination
2. extended acl's - should be added on the router closest to the source
my config below shows that both standard & extended acl's are both on my vista router being the source. ive also carried out an extended ping command and 10/net cannot ping 192.168.3.2 and this i agree, but if the rules are as above why is the standard acl working as my acl's are at the source, or are the rules the wrong way round?
--------------------------
----------
----------
-
Building configuration...
Current configuration : 726 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VISTA
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
ip address 192.168.3.1 255.255.255.0
ip access-group 50 out
!
interface Serial0
ip address 192.168.1.1 255.255.255.0
clock rate 56000
no fair-queue
!
interface Serial1
ip address 192.168.2.1 255.255.255.0
clock rate 56000
!
router rip
version 1
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
!
no ip http server
no ip classless
!
!
access-list 50 deny 10.0.0.0 0.0.0.255
access-list 50 permit any
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
!
end
VISTA#
--------------------------
----------
----------
Building configuration...
Current configuration : 606 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SANJOSE1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
ip address 10.0.0.1 255.255.255.0
!
interface Serial0
ip address 192.168.1.2 255.255.255.0
no fair-queue
!
interface Serial1
no ip address
shutdown
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
router rip
version 1
network 10.0.0.0
network 192.168.1.0
!
no ip http server
no ip classless
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
end
SANJOSE1#
--------------------------
----------
----
Building configuration...
Current configuration : 624 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SANJOSE2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
ip address 10.0.0.2 255.255.255.0
!
interface Serial0
ip address 192.168.2.2 255.255.255.0
no fair-queue
!
interface Serial1
no ip address
shutdown
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
router rip
version 1
network 10.0.0.0
network 192.168.2.0
!
no ip http server
no ip classless
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
!
end
SANJOSE2#
Answer : DIFFERENCE BETWEEN STANDARD & EXTENDED ACL'S QUERY
Those aren't actually "rules". They are more like guidelines. The ACL is placed where it will accomplish the goals.
Random Solutions
use wireshark to capture whats happening during the logon process
dispersion module on visual net
pcanywhere - stopped working symantec version 11.5
Run the first php script in background - When done - run the next script ...
changing cell reference
User Certificate Enrollement Problem
Dealing with Corrupted System Files on Vista
User has 2 Calendars after migration
Understanding Analog Telephone Adaptors
Access form - Using Sum function to validate records