I would like to know whether we really need the ip access-group command in all scenarios once we create the access list policy.
The reason I raised this question is that I came across an access list policy video in which the instructor created an extended access list policy on a router to prevent a host from accessing a web page; however, he didn't apply the ip access-group command on the interfaces, and still the access list was working perfectly and the host was unable to access the web page.
Note: the access list has been applied closest to the source.
Looking forward to your replies, and thanks in advance.
Known is a drop, unknown is an Ocean
Re: Does ip access group command really needed ?
5 years 8 months ago #38216
There is a minute point I missed while watching and listening to it. The instructor of that video is really a genius; before he went on to create other rules, he informed us in the earlier few seconds of that clip.
The scenario is to deny a host accessing the WAN link and a specific webpage.
1) He stated clearly earlier that 1 ACL WILL BE APPLIED PER INTERFACE AND PER DIRECTION ONLY, so the 1 ACL with two rules that he created must be applied on one interface.
2) Earlier he had already created one rule and applied it on one interface, and then he created another rule and left the interface undisturbed, since the ip access-group command had already been applied on that interface.
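The behaviour described in this thread, as an added Cisco IOS configuration sketch that is not part of the original posts or of the video: an ACL bound once with ip access-group picks up rules added to it later without the interface being touched again. The addresses, ACL number 101 and interface name are constructed lab values.

```cisco
! Constructed lab values (assumptions, not from the thread):
!   host 192.168.1.10, web server 203.0.113.80,
!   WAN subnet 198.51.100.0/30, LAN-facing interface GigabitEthernet0/0.
!
! Step 1: create the ACL with its first rule and bind it once,
! inbound on the interface closest to the source.
ip access-list extended 101
 10 deny tcp host 192.168.1.10 host 203.0.113.80 eq www
 100 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group 101 in
!
! Step 2 (later): add a second rule to the same ACL. The interface
! is left alone; the binding from step 1 already points at ACL 101,
! so the new entry is enforced as soon as it is entered.
! Sequence number 20 places it ahead of "permit ip any any"; an entry
! that lands after that permit would never be matched.
ip access-list extended 101
 20 deny ip host 192.168.1.10 198.51.100.0 0.0.0.3
!
! Without the ip access-group line in step 1, ACL 101 would exist in
! the configuration but filter nothing on this interface.
!
! Check the binding and the per-entry match counters:
!   show ip interface GigabitEthernet0/0
!   show ip access-lists 101
```

An ACL ends with an implicit deny of everything not matched, which is why the explicit `permit ip any any` entry is kept as the last line.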