Access list


omomummy82
12-14-2007, 09:24 AM
hi,
Please, I want you to explain what inbound and outbound access lists mean and give a practical application. The reply is needed urgently.

Thanks
omomummy82

dbeare
12-14-2007, 11:02 AM
The difference between an inbound and an outbound ACL is their placement within a network. Here are the specifics as best as I understand them:

Inbound ACL: This checks traffic as it enters a router and discards it if certain criteria are met. You want to use this if you know what the source of traffic is and place it as close to the source as possible. This is typically the best option, as it discards traffic before it can begin the routing process, saving bandwidth. You want to use extended ACLs for this sort of control setup though, otherwise you will block all traffic from being routed, rather than specific ports or protocols.

Outbound ACL: This checks traffic as it leaves a router interface. This type of ACL is used when you want to block all traffic from leaving out an interface. This is where we use standard ACLs, since we don't want to just block a certain port, we want to block all traffic from reaching a particular destination. This type of ACL is not preferable, since it wastes bandwidth by allowing the traffic to traverse the network before it is dropped.

Here are some examples:
You want to block telnet access from the 172.16.5.0/24 network to the 172.16.22.0/24 network. You would create an access list as follows:
(config)#access-list 100 deny tcp 172.16.5.0 0.0.0.255 172.16.22.0 0.0.0.255 eq 23
(config)#access-list 100 permit any
Assuming that 172.16.5.0/24 is connected to fa0/0, you would then apply the access list to the interface:
(config)#int fa0/0
(config-if)#ip access-group 100 in
Now, only telnet access from 172.16.5.0/24 with a destination of 172.16.22.0/24 will be denied.

Now, let's say that you only want to allow traffic from 172.16.4.0/24 to reach your 172.16.22.0/24 network and want to block all other traffic. This is where you would use an outbound ACL. First, you would set up the following standard ACL:
(config)#access-list 10 permit 172.16.4.0 0.0.0.255
Remember, there is an implicit deny all at the end of all access lists, so no other lines are necessary in the access-list.
Now, assuming that 172.16.22.0/24 is on fa0/1, we assign it to this interface as follows:
(config)#int fa0/1
(config-if)#ip access-group 10 out
Now, only traffic with a source IP of 172.16.4.0/24 will be allowed to pass through fa0/1 and reach the 172.16.22.0/24 network.

I hope this helps you understand the difference between inbound and outbound access lists.

sankar
01-05-2008, 01:23 AM
Dear sir, I am new to networking. I have gone through the 6th edition book of Lammle sir. I have some doubt about SDM. What is it (actually)? How do I get the wizard? Please explain it. Thank you, or you can mail me at


sankar.jyotinath@gmail.com. Please do reply, it's urgent.

sankar j nath

hsingh
11-03-2008, 06:28 PM
Hi Sankar,

SDM is an abbreviation for Security Device Manager in Cisco. It is the GUI part of Cisco. You have to have a router with a new IOS version to see this, actually.
I have Packet Tracer 5.0, which is cool, but can't use SDM on that.

Hope it clarifies...cheers

Phil Mccomish
03-05-2009, 05:39 AM
The difference between an inbound and an outbound ACL is their placement within a network. Here are the specifics as best as I understand them:

Inbound ACL: This checks traffic as it enters a router and discards it if certain criteria are met. You want to use this if you know what the source of traffic is and place it as close to the source as possible. This is typically the best option, as it discards traffic before it can begin the routing process, saving bandwidth. You want to use extended ACLs for this sort of control setup though, otherwise you will block all traffic from being routed, rather than specific ports or protocols.

Outbound ACL: This checks traffic as it leaves a router interface. This type of ACL is used when you want to block all traffic from leaving out an interface. This is where we use standard ACLs, since we don't want to just block a certain port, we want to block all traffic from reaching a particular destination. This type of ACL is not preferable, since it wastes bandwidth by allowing the traffic to traverse the network before it is dropped.

Here are some examples:
You want to block telnet access from the 172.16.5.0/24 network to the 172.16.22.0/24 network. You would create an access list as follows:
(config)#access-list 100 deny tcp 172.16.5.0 0.0.0.255 172.16.22.0 0.0.0.255 eq 23
(config)#access-list 100 permit any
Assuming that 172.16.5.0/24 is connected to fa0/0, you would then apply the access list to the interface:
(config)#int fa0/0
(config-if)#ip access-group 100 in
Now, only telnet access from 172.16.5.0/24 with a destination of 172.16.22.0/24 will be denied.

Now, let's say that you only want to allow traffic from 172.16.4.0/24 to reach your 172.16.22.0/24 network and want to block all other traffic. This is where you would use an outbound ACL. First, you would set up the following standard ACL:
(config)#access-list 10 permit 172.16.4.0 0.0.0.255
Remember, there is an implicit deny all at the end of all access lists, so no other lines are necessary in the access-list.
Now, assuming that 172.16.22.0/24 is on fa0/1, we assign it to this interface as follows:
(config)#int fa0/1
(config-if)#ip access-group 10 out
Now, only traffic with a source IP of 172.16.4.0/24 will be allowed to pass through fa0/1 and reach the 172.16.22.0/24 network.

I hope this helps you understand the difference between inbound and outbound access lists.

Don't know if I am right here, but in your statement on your extended access list example, would it not be permit ip any any instead of permit any?

vivek198
02-21-2010, 01:14 AM
It doesn't really matter, because when you try to use it that way, the router will return an error saying incomplete command.

However, if you are looking at it from a CCNA point of view, you've got to know that. And that's what the ? command is for, isn't it?
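To make the behaviour described in dbeare's answer (wildcard masks, first-match evaluation, the implicit deny at the end of every list, and the difference between a list applied "in" on fa0/0 and "out" on fa0/1) and the "permit any" versus "permit ip any any" point raised by Phil and vivek198 concrete, here is a small simulator, added as an example and not code from the thread or from Cisco. The Router and Packet classes, the interface names and the test packets are constructed for the illustration; the "% Incomplete command." text is assumed to be what IOS prints for a truncated line. The two lists are the ones from the answer, with the extended list written as permit ip any any.

```python
"""Cisco-style numbered ACL simulator (added example; not from the thread or IOS).
Models wildcard-mask matching, first-match evaluation, the implicit deny and
inbound/outbound placement. Interfaces, packets and the error text are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # 'any': every bit of the address is ignored


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Wildcard semantics: a 0 bit in the mask must match, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return a & care == n & care


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"
    dport: Optional[int] = None


@dataclass
class Entry:
    action: str               # "permit" or "deny"
    proto: str                # "ip" matches every protocol
    src: Tuple[str, str]      # (network, wildcard)
    dst: Tuple[str, str]
    dport: Optional[int]      # destination port from 'eq N', if given


def _spec(t: List[str], i: int) -> Tuple[Tuple[str, str], int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' starting at t[i]."""
    if t[i] == "any":
        return ANY, i + 1
    if t[i] == "host":
        return (t[i + 1], "0.0.0.0"), i + 2
    return (t[i], t[i + 1]), i + 2


def parse_acl_line(line: str) -> Tuple[int, Entry]:
    """Parse one 'access-list <n> ...' line: 1-99 standard, 100-199 extended."""
    t = line.split()
    if len(t) < 3 or t[0] != "access-list":
        raise ValueError("not an access-list line")
    num, action = int(t[1]), t[2]
    try:
        if 1 <= num <= 99:        # standard list: source address only
            src, _ = _spec(t, 3)
            return num, Entry(action, "ip", src, ANY, None)
        if 100 <= num <= 199:     # extended list: protocol, source, destination
            proto = t[3]
            src, i = _spec(t, 4)
            dst, i = _spec(t, i)
            dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
            return num, Entry(action, proto, src, dst, dport)
    except IndexError:
        # Constructed to mirror IOS rejecting a truncated line such as
        # 'access-list 100 permit any' (message text assumed, not from the thread).
        raise ValueError("% Incomplete command.") from None
    raise ValueError(f"unsupported list number {num}")


def evaluate(entries: List[Entry], pkt: Packet) -> str:
    """First matching entry wins; no match falls through to the implicit deny."""
    for e in entries:
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if not wildcard_match(pkt.src, *e.src) or not wildcard_match(pkt.dst, *e.dst):
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        return e.action
    return "deny"  # implicit deny all at the end of every list


class Router:
    def __init__(self):
        self.acls: Dict[int, List[Entry]] = {}
        self.groups: Dict[Tuple[str, str], int] = {}  # (interface, "in"/"out") -> list

    def config(self, line: str) -> None:
        num, entry = parse_acl_line(line)
        self.acls.setdefault(num, []).append(entry)

    def access_group(self, iface: str, num: int, direction: str) -> None:
        self.groups[(iface, direction)] = num  # 'ip access-group <num> in|out'

    def forward(self, pkt: Packet, in_if: str, out_if: str) -> str:
        """Inbound list on the entry interface first, then outbound on the exit one."""
        for iface, direction in ((in_if, "in"), (out_if, "out")):
            num = self.groups.get((iface, direction))
            if num is not None and evaluate(self.acls.get(num, []), pkt) == "deny":
                return f"dropped by ACL {num} {direction} on {iface}"
        return "forwarded"


def thread_examples() -> Dict[str, str]:
    """Both lists from the answer above, with the 'permit ip any any' wording."""
    r = Router()
    r.config("access-list 100 deny tcp 172.16.5.0 0.0.0.255 172.16.22.0 0.0.0.255 eq 23")
    r.config("access-list 100 permit ip any any")
    r.access_group("fa0/0", 100, "in")
    r.config("access-list 10 permit 172.16.4.0 0.0.0.255")
    r.access_group("fa0/1", 10, "out")
    # Constructed packets entering fa0/0, bound for 172.16.22.0/24 via fa0/1.
    telnet_from_5 = Packet("172.16.5.7", "172.16.22.9", "tcp", 23)
    http_from_5 = Packet("172.16.5.7", "172.16.22.9", "tcp", 80)
    http_from_4 = Packet("172.16.4.3", "172.16.22.9", "tcp", 80)
    return {
        "telnet_from_5": r.forward(telnet_from_5, "fa0/0", "fa0/1"),
        "http_from_5": r.forward(http_from_5, "fa0/0", "fa0/1"),
        "http_from_4": r.forward(http_from_4, "fa0/0", "fa0/1"),
    }


def incomplete_line_error() -> str:
    """What config() reports for the bare 'permit any' line questioned in the thread."""
    try:
        Router().config("access-list 100 permit any")
    except ValueError as err:
        return str(err)
    return "accepted"


if __name__ == "__main__":
    for name, result in thread_examples().items():
        print(f"{name}: {result}")
    print(incomplete_line_error())
```

Running it shows the two placements at work: the telnet packet from 172.16.5.0/24 is dropped by list 100 on the way in at fa0/0, before routing; an HTTP packet from the same network passes list 100 but is then dropped on the way out of fa0/1 by the implicit deny of list 10, having already been routed; only the packet from 172.16.4.0/24 is forwarded. The bare "permit any" line is rejected at configuration time, which is the point vivek198 makes about the router not accepting it.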