Does ip access group command really needed ?
11 years 10 months ago - 11 years 10 months ago #38212
by rizin
Known is a drop, unknown is an Ocean
Does ip access group command really needed ? was created by rizin
Hi geeks,
I would like to know that do we really need ip access group command in all scenarios once we create the access list policy.
The reason i had raised this question is, i came across a access list policy video, on that the instructor created the extended access list policy in a router to prevent a host accessing web page, however he didn't apply the ip access group command on the interfaces and still the access list command working perfectly and the host unable to access the web page.
Note: the access list has been applied closest to the source.
Looking forward your replies and thanks in advance.
Regards,
Rizin
I would like to know that do we really need ip access group command in all scenarios once we create the access list policy.
The reason i had raised this question is, i came across a access list policy video, on that the instructor created the extended access list policy in a router to prevent a host accessing web page, however he didn't apply the ip access group command on the interfaces and still the access list command working perfectly and the host unable to access the web page.
Note: the access list has been applied closest to the source.
Looking forward your replies and thanks in advance.
Regards,
Rizin
Known is a drop, unknown is an Ocean
Last edit: 11 years 10 months ago by rizin. Reason: forget to add the command word in the subject
11 years 10 months ago #38216
by rizin
Known is a drop, unknown is an Ocean
Replied by rizin on topic Re: Does ip access group command really needed ?
I had got this answer.
There is some minute point i missed watching and hear it, the instructor of that video is really genius, before he went on creating other rules he informed us in earlier few seconds in that clip.
The scenario is Deny host accessing wan link and Specific webpage.
1) He stated clearly earlier that 1 ACL WILL BE APPLIED ON PER INTERFACE AND PER DIRECTION ONLY, so 1 ACL with two rules that he created must be applied on one interface.
2) Earlier he had already created one rule and applied on one interface, and he created another rule and left the interface undisturbed, since ip access-group command already been applied on that interface.
There is some minute point i missed watching and hear it, the instructor of that video is really genius, before he went on creating other rules he informed us in earlier few seconds in that clip.
The scenario is Deny host accessing wan link and Specific webpage.
1) He stated clearly earlier that 1 ACL WILL BE APPLIED ON PER INTERFACE AND PER DIRECTION ONLY, so 1 ACL with two rules that he created must be applied on one interface.
2) Earlier he had already created one rule and applied on one interface, and he created another rule and left the interface undisturbed, since ip access-group command already been applied on that interface.
Known is a drop, unknown is an Ocean
Time to create page: 0.112 seconds