Access-list Questions

March 16th, 2020

Note: If you are not sure about access lists, please read our Access List Tutorial.

Question 1

Explanation

The “deny tcp any host 10.30.0.100 eq 80” command means “block TCP traffic from any source to the web server at 10.30.0.100 on port 80”. Because the ACL is applied to the VLAN 20 interface, only computers on VLAN 20 are affected.

In summary, note that 10.30.0.100 here is the destination IP address, not the source address.

Note: Traffic from hosts in VLAN 20 to the Web Server flows as follows: host in VLAN 20 -> Interface VLAN 20 -> Interface VLAN 30 -> Web Server. With the ACL placed inbound on Interface VLAN 20, the path becomes: host in VLAN 20 -> (ACL Inbound) Interface VLAN 20 -> Interface VLAN 30 -> Web Server. Therefore the ACL can block traffic from VLAN 20.
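
The matching described above, as an added example that is not part of the original page: a small Python model of first-match ACL evaluation and inbound interface binding. The "permit ip any any" entry, the host addresses 10.20.0.5 and 10.10.0.5, and the Vlan10 interface are assumptions made for illustration.

```python
import ipaddress

def parse_ace(line):
    """Parse '<action> <proto> <src> <dst> [eq <port>]'; src/dst is 'any' or 'host A.B.C.D'."""
    tok = line.split()
    action, proto, i = tok[0], tok[1], 2
    addrs = []
    for _ in range(2):                       # source first, then destination
        if tok[i] == "any":
            addrs.append(None)               # None = wildcard
            i += 1
        else:                                # "host A.B.C.D"
            addrs.append(ipaddress.ip_address(tok[i + 1]))
            i += 2
    dport = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
    return {"action": action, "proto": proto, "src": addrs[0], "dst": addrs[1], "dport": dport}

def ace_matches(ace, pkt):
    return (ace["proto"] in ("ip", pkt["proto"])
            and ace["src"] in (None, pkt["src"])
            and ace["dst"] in (None, pkt["dst"])
            and ace["dport"] in (None, pkt["dport"]))

def acl_verdict(acl, pkt):
    for ace in acl:                          # first matching entry wins
        if ace_matches(ace, pkt):
            return ace["action"]
    return "deny"                            # implicit deny ends every ACL

def forward(pkt, in_iface, inbound_acls):
    """Only the ACL bound inbound on the arrival interface is consulted."""
    acl = inbound_acls.get(in_iface)
    return "permit" if acl is None else acl_verdict(acl, pkt)

def packet(src, dst, dport, proto="tcp"):
    return {"proto": proto, "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst), "dport": dport}

ACL = [parse_ace("deny tcp any host 10.30.0.100 eq 80"),   # entry from the page
       parse_ace("permit ip any any")]                     # assumed second entry
INBOUND = {"Vlan20": ACL}                                  # applied inbound on VLAN 20 only

if __name__ == "__main__":
    tests = [("10.20.0.5", "10.30.0.100", 80, "Vlan20"),   # constructed VLAN 20 host, HTTP
             ("10.20.0.5", "10.30.0.100", 443, "Vlan20"),  # same host, other port
             ("10.10.0.5", "10.30.0.100", 80, "Vlan10"),   # constructed host in another VLAN
             ("10.30.0.100", "10.20.0.5", 80, "Vlan20")]   # 10.30.0.100 as source, not destination
    for src, dst, dport, iface in tests:
        print(f"{src} -> {dst}:{dport} via {iface}: {forward(packet(src, dst, dport), iface, INBOUND)}")
```

Without the assumed permit entry, the implicit deny would drop every packet arriving on the VLAN 20 interface, not only the web traffic.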

Question 2

Comments (2)
  1. Mohammed
    June 21st, 2020

    Hello

  2. Anonymous
    June 29th, 2020

    very good
