This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Access Control List Inbound vs Outbound

Access Control List Inbound vs Outbound

Go to solution
wmtanderson
New Contributor II

‎10-07-2019 06:55 PM

I'm new to Network Administration but I'm working on configuring ACL's to allow two subnets to communicate with each other across two sites. Isolation needs to exist so hosts within the subnets can only communicate to each other and the internet.

As an example:

10.10.10.0/21 - Remote Subnet
10.10.5.0/21 - Local Subnet
Both should have internet access and be able to communicate to each other only .


I'm hoping to find some documentation on the differences processing packets between inbound and outbound ACL's. We're currently using EOS on two S Series switches and the ACL's we have configured are not functioning but rather than delete the ACL's I'd like to use this as an opportunity to troubleshoot the ACL's.
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
wmtanderson
New Contributor II

‎10-10-2019 03:08 PM

Hi @Joshua Puusep ,

You're correct we're actually routing these over MPLS so there is a connection as well as a backup VPN tunnel for redundancy of connection. The issue I had was thinking of ACL's from an L2 perspective rather than L3. Inbound ACL's are inbound to the routing instance not the L2 Interface and Outbound is outbound of the routing instance. Once I was able to grasp this and diagram I was able to get the ACL's working correctly.

Thanks for the reply!

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
wmtanderson
New Contributor II

‎10-10-2019 03:08 PM

Hi @Joshua Puusep ,

You're correct we're actually routing these over MPLS so there is a connection as well as a backup VPN tunnel for redundancy of connection. The issue I had was thinking of ACL's from an L2 perspective rather than L3. Inbound ACL's are inbound to the routing instance not the L2 Interface and Outbound is outbound of the routing instance. Once I was able to grasp this and diagram I was able to get the ACL's working correctly.

Thanks for the reply!
0 Kudos

Go to solution
Joshua_Puusep
New Contributor III

‎10-10-2019 03:02 PM

FYI, Those subnets are private, i.e. you cannot typically route them over the internet without tunneling.
https://en.wikipedia.org/wiki/Private_network

Chapter 54 in the S-series configuration guide explains the use of ACL's:
https://documentation.extremenetworks.com/eos_config/downloads/S_K_7100_Configuration_Guide.pdf
0 Kudos
GTM-P2G8KFN