Question : DIFFERENCE BETWEEN STANDARD & EXTENDED ACL'S QUERY
I'm wishing to add my master DC to the network on a basic RIP/ver1 network, but not until I've clarified the below. Can anyone give me advice, because I'm confused! According to my book it states:
Rules:
1. Standard ACLs should be added on the router closest to the destination
2. Extended ACLs should be added on the router closest to the source
My config below shows that both standard & extended ACLs are on my VISTA router, being the source. I've also carried out an extended ping command and 10/net cannot ping 192.168.3.2, and this I agree with, but if the rules are as above, why is the standard ACL working, as my ACLs are at the source? Or are the rules the wrong way round?
--------------------------
Building configuration...
Current configuration : 726 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VISTA
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
 ip address 192.168.3.1 255.255.255.0
 ip access-group 50 out
!
interface Serial0
 ip address 192.168.1.1 255.255.255.0
 clock rate 56000
 no fair-queue
!
interface Serial1
 ip address 192.168.2.1 255.255.255.0
 clock rate 56000
!
router rip
 version 1
 network 192.168.1.0
 network 192.168.2.0
 network 192.168.3.0
!
no ip http server
no ip classless
!
!
access-list 50 deny 10.0.0.0 0.0.0.255
access-list 50 permit any
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
!
end
VISTA#
--------------------------
Building configuration...
Current configuration : 606 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SANJOSE1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0
!
interface Serial0
 ip address 192.168.1.2 255.255.255.0
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
router rip
 version 1
 network 10.0.0.0
 network 192.168.1.0
!
no ip http server
no ip classless
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
end
SANJOSE1#
--------------------------
Building configuration...
Current configuration : 624 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SANJOSE2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
 ip address 10.0.0.2 255.255.255.0
!
interface Serial0
 ip address 192.168.2.2 255.255.255.0
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
router rip
 version 1
 network 10.0.0.0
 network 192.168.2.0
!
no ip http server
no ip classless
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
!
end
SANJOSE2#
Answer : DIFFERENCE BETWEEN STANDARD & EXTENDED ACL'S QUERY
Those aren't actually "rules". They are more like guidelines. The ACL is placed where it will accomplish the goals.
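The placement guideline in the question, worked through as an added example (not part of the original question or answer): a standard ACL matches only the source address, so this model evaluates the posted ACL 50 at two bind points. The host 10.0.0.5, the hop lists, and the assumption that traffic from SANJOSE1 transits VISTA are constructed for illustration.

```python
import ipaddress

# ACL 50 as posted in the VISTA config (standard ACL: source address only).
ACL_50 = [
    ("deny", "10.0.0.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # "permit any"
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match the base, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def standard_acl(acl, src):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"

# Constructed, simplified forwarding paths (assumption: the 10.0.0.0/24 host
# uses SANJOSE1 as its gateway and both destinations are reached via VISTA).
PATHS = {
    "192.168.3.2": ["SANJOSE1 Serial0 out", "VISTA Serial0 in", "VISTA Ethernet0 out"],
    "192.168.2.2": ["SANJOSE1 Serial0 out", "VISTA Serial0 in", "VISTA Serial1 out"],
}

def delivered(src, dst, acl_at):
    """True if a packet from src reaches dst with ACL 50 bound at hop acl_at."""
    for hop in PATHS[dst]:
        if hop == acl_at and standard_acl(ACL_50, src) == "deny":
            return False
    return True

if __name__ == "__main__":
    for bind in ("VISTA Ethernet0 out", "SANJOSE1 Serial0 out"):
        for dst in PATHS:
            ok = delivered("10.0.0.5", dst, bind)
            print(f"ACL 50 at {bind:22} 10.0.0.5 -> {dst}: "
                  f"{'delivered' if ok else 'blocked'}")
```

Bound outbound on VISTA Ethernet0, the ACL blocks 10.0.0.0/24 only on the way into 192.168.3.0/24; the same ACL bound at SANJOSE1 Serial0 would also block that source from 192.168.2.2, which is the over-blocking the "closest to the destination" guideline is meant to avoid.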