Difference between IN and OUT in Cisco ACL CCIE 400–101 practices
- Spoto
- |
- Posted on: 2019-06-28
- |
- Views: 2153
- |
- Category:
- ▸ Technical Article
In and out are relative, for example: A(s0) — — -(s0)B(s1) — — — — (s1)C Suppose you want to reject A to access C now, and assume that you are required Is to do ACL on B (of course C can also), we replaced this topology with an example: B’s s0 port is the front door, s1 port is the back door, the whole B is your living room, the front door is connected to the A, the living room The back door is connected to your home vault.
In and out are relative, such as:
A(s0) — — -(s0)B(s1) — — — — (s1)C. Suppose you want to deny A to access C now, and assuming you are asking for an ACL on B (of course C can also be), we replace this topology with an example:
The s0 port of B is the front door, the s1 port is the back door, the whole B is your living room, the front door is connected to A, and the back door of the living room is connected to your treasury .
Now to refuse the thief to come in from A, then you have to set up in your living room, there are 2 ways:
1. In your living room (B) front door (B s0) an iron gate (ACL), not let the thief come in (in), so that you can achieve the purpose
2. In the back door of your living room, there is an iron gate (s1 of B). Although the thief enters your living room, you still can’t go out from the back door to your treasury .
Although these two methods (in / out) can achieve efficiency, but from a performance point of view, there is still a difference, in fact, the best way is to choose method 1, just like the thief did not enter the vault, at least into In your living room (B), dirty the carpet in your living room (B will consume some extra unnecessary treatment)
Suppose you want to install the iron gate (ACL) in C. Should you use in or out?
This question is left to you to answer, lol.
Relative to the router, the router that crosses the router is about to enter
Expand acl, close to the source, standard acl close to the target address
In fact, the application of in and out is very flexible.
More infomation can be found in SPOTO Study Group. Join us for more details now.
More you may be interested:
SPOTO benefits! CCIE 2020 Routing and Switching Updates
CCIE expert teaches you how to cutover the network
Cisco CCIE Data Center Lab Equipment List
- Tags:
- cisco ACL
- CCIE 400 101
- CCIE DUMPS