Microsoft
Software
Hardware
Network
Question : DIFFERENCE BETWEEN STANDARD & EXTENDED ACL'S QUERY
im wishing to add my master dc to the network on a basic rip/ver1 network, but not until ive clarified below: according to my book it states: can anyone give me advice because im confused!!!!
rules:
1. standard acl's - should be added on the router closest to the destination
2. extended acl's - should be added on the router closest to the source
my config below shows that both standard & extended acl's are both on my vista router being the source. ive also carried out an extended ping command and 10/net cannot ping 192.168.3.2 and this i agree, but if the rules are as above why is the standard acl working as my acl's are at the source, or are the rules the wrong way round?
--------------------------
----------
----------
-
Building configuration...
Current configuration : 726 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VISTA
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
ip address 192.168.3.1 255.255.255.0
ip access-group 50 out
!
interface Serial0
ip address 192.168.1.1 255.255.255.0
clock rate 56000
no fair-queue
!
interface Serial1
ip address 192.168.2.1 255.255.255.0
clock rate 56000
!
router rip
version 1
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
!
no ip http server
no ip classless
!
!
access-list 50 deny 10.0.0.0 0.0.0.255
access-list 50 permit any
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
!
end
VISTA#
--------------------------
----------
----------
Building configuration...
Current configuration : 606 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SANJOSE1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
ip address 10.0.0.1 255.255.255.0
!
interface Serial0
ip address 192.168.1.2 255.255.255.0
no fair-queue
!
interface Serial1
no ip address
shutdown
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
router rip
version 1
network 10.0.0.0
network 192.168.1.0
!
no ip http server
no ip classless
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
end
SANJOSE1#
--------------------------
----------
----
Building configuration...
Current configuration : 624 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SANJOSE2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
interface Ethernet0
ip address 10.0.0.2 255.255.255.0
!
interface Serial0
ip address 192.168.2.2 255.255.255.0
no fair-queue
!
interface Serial1
no ip address
shutdown
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
router rip
version 1
network 10.0.0.0
network 192.168.2.0
!
no ip http server
no ip classless
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
!
end
SANJOSE2#
Answer : DIFFERENCE BETWEEN STANDARD & EXTENDED ACL'S QUERY
Those aren't actually "rules". They are more like guidelines. The ACL is placed where it will accomplish the goals.
Random Solutions
Running the System Update readiness tool.
Coldfusion -SQL and LIKE question
OCS 2007 R2 and Cisco call manager
cd business card
File Upload in AJAX enabled TabContainer
Login control design and Programming
Offline address book cannot be downloaded after moving mailbox to exchange 2010
Digital signature control not visible
I recieved an email from someone: how can i see from server who sent it?
Integrating projects