Figure 6-4 shows an example of an outbound ACL.
Access Control List Operation 209
Figure 6-4 Outbound ACL Operation
When a packet enters an interface, the router checks the routing table to see if the packet is
routable. If the packet is not routable, it is dropped.
Next, the router checks to see whether the destination interface is grouped to an ACL. If the
destination interface is not grouped to an ACL, the packet can be sent to the output buffer.
Examples of outbound ACL operations are as follows:
- If the outbound interface is S0, which has not been grouped to an outbound ACL, the packet
is sent to S0 directly.
- If the outbound interface is S1, which has been grouped to an outbound ACL, the packet is
not sent out on S1 until it is tested by the combination of ACL statements that are associated
with that interface. Based on the ACL tests, the packet is permitted or denied.
For outbound lists, "to permit" means to send the packet to the output buffer, and "to deny" means
to discard the packet.
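The outbound decision flow described above, modeled as an added example that is not taken from the book or from router software. The routes, addresses, and ACL entries are constructed, matching on source address only is a simplifying assumption, and the final implicit deny reflects standard Cisco ACL behavior rather than anything stated in this passage.

```python
import ipaddress

# Constructed sample data: two routes, and an outbound ACL grouped to S1 only.
ROUTES = [("10.1.0.0/16", "S0"), ("10.2.0.0/16", "S1")]
ACLS_OUT = {"S1": [("permit", "192.168.1.0/24"), ("deny", "192.168.0.0/16")]}


def lookup_route(dst):
    """Longest-prefix match; returns the egress interface, or None if not routable."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def evaluate_acl(statements, src):
    """Test statements top-down on the source address; the first match decides."""
    addr = ipaddress.ip_address(src)
    for action, prefix in statements:
        if addr in ipaddress.ip_network(prefix):
            return action
    return "deny"  # implicit deny when no statement matches


def forward(src, dst):
    """Return (verdict, egress interface, reason) for one packet."""
    ifname = lookup_route(dst)
    if ifname is None:
        return ("drop", None, "not routable")
    acl = ACLS_OUT.get(ifname)
    if acl is None:
        # Interface not grouped to an outbound ACL: straight to the output buffer.
        return ("send", ifname, "no outbound ACL")
    if evaluate_acl(acl, src) == "permit":
        return ("send", ifname, "permitted by ACL")
    return ("drop", ifname, "denied by ACL")


if __name__ == "__main__":
    for src, dst in [("192.168.1.5", "10.1.2.3"), ("192.168.1.5", "10.2.0.9"),
                     ("192.168.7.5", "10.2.0.9"), ("172.16.0.1", "10.2.0.9"),
                     ("192.168.1.5", "8.8.8.8")]:
        print(src, "->", dst, forward(src, dst))
```

Statement order matters in this model: swapping the two S1 entries would deny 192.168.1.5, because the broader deny would match first.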
With an inbound ACL, when a packet enters an interface, the router checks to see whether the
source interface is grouped to an ACL.