Question : DIFFERENCE BETWEEN STANDARD & EXTENDED ACL'S QUERY
I'm wishing to add my master DC to the network on a basic RIP/ver1 network, but not until I've clarified the below. Can anyone give me advice, because I'm confused! According to my book, it states:
Rules:
1. Standard ACLs - should be added on the router closest to the destination
2. Extended ACLs - should be added on the router closest to the source
My config below shows that both standard & extended ACLs are on my VISTA router, being the source. I've also carried out an extended ping command and 10/net cannot ping 192.168.3.2, and this I agree with, but if the rules are as above, why is the standard ACL working, as my ACLs are at the source? Or are the rules the wrong way round?
-----------------------------------------------
Building configuration...
Current configuration : 726 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VISTA
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
 ip address 192.168.3.1 255.255.255.0
 ip access-group 50 out
!
interface Serial0
 ip address 192.168.1.1 255.255.255.0
 clock rate 56000
 no fair-queue
!
interface Serial1
 ip address 192.168.2.1 255.255.255.0
 clock rate 56000
!
router rip
 version 1
 network 192.168.1.0
 network 192.168.2.0
 network 192.168.3.0
!
no ip http server
no ip classless
!
!
access-list 50 deny 10.0.0.0 0.0.0.255
access-list 50 permit any
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
!
end
VISTA#
-----------------------------------------------
Building configuration...
Current configuration : 606 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SANJOSE1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0
!
interface Serial0
 ip address 192.168.1.2 255.255.255.0
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
router rip
 version 1
 network 10.0.0.0
 network 192.168.1.0
!
no ip http server
no ip classless
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
end
SANJOSE1#
-----------------------------------------------
Building configuration...
Current configuration : 624 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SANJOSE2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
 ip address 10.0.0.2 255.255.255.0
!
interface Serial0
 ip address 192.168.2.2 255.255.255.0
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
router rip
 version 1
 network 10.0.0.0
 network 192.168.2.0
!
no ip http server
no ip classless
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
!
end
SANJOSE2#
Answer : DIFFERENCE BETWEEN STANDARD & EXTENDED ACL'S QUERY
Those aren't actually "rules". They are more like guidelines. The ACL is placed where it will accomplish the goals.
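The placement question can be checked with a small model, added here as an example (it is not code from the original thread): it evaluates access-list 50 from the VISTA config at two candidate outbound interfaces. The sample host addresses and the assumption that 10.0.0.0/24 hosts use SANJOSE1 as their gateway are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# access-list 50 from the VISTA config; "permit any" is 0.0.0.0 255.255.255.255.
ACL_50 = [("deny", "10.0.0.0", "0.0.0.255"),
          ("permit", "0.0.0.0", "255.255.255.255")]

def standard_acl(acl, src):
    """A standard ACL tests the source address only; first match wins."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"  # implicit deny at the end of every ACL

def in_net(addr, net):
    return ipaddress.IPv4Address(addr) in ipaddress.IPv4Network(net)

# Which packets pass through each candidate "ip access-group 50 out" point.
# Assumption: hosts on 10.0.0.0/24 use SANJOSE1 as their gateway.
PLACEMENTS = {
    "VISTA Ethernet0": lambda src, dst: in_net(dst, "192.168.3.0/24"),
    "SANJOSE1 Serial0": lambda src, dst: in_net(src, "10.0.0.0/24")
                                         and not in_net(dst, "10.0.0.0/24"),
}

# Constructed sample flows (source, destination); host addresses are made up.
FLOWS = [("10.0.0.5", "192.168.3.2"),     # the traffic the poster wants blocked
         ("10.0.0.5", "192.168.1.1"),     # 10/net to another network
         ("192.168.2.2", "192.168.3.2")]  # other source to the protected LAN

def delivered(placement, src, dst):
    if PLACEMENTS[placement](src, dst):
        return standard_acl(ACL_50, src) == "permit"
    return True  # packet never reaches the filtered interface

def report(placement):
    return {flow: delivered(placement, *flow) for flow in FLOWS}

if __name__ == "__main__":
    for name in PLACEMENTS:
        print(name, report(name))
```

With the list on VISTA Ethernet0, only 10.0.0.0/24 traffic bound for 192.168.3.0/24 is dropped; on SANJOSE1 Serial0 the same source-only list also drops 10.0.0.0/24 traffic to 192.168.1.1.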