Access Control List Inbound vs Outbound

wmtanderson
New Contributor II
I'm new to Network Administration but I'm working on configuring ACLs to allow two subnets to communicate with each other across two sites. Isolation needs to exist so hosts within the subnets can only communicate to each other and the internet.

As an example:

10.10.10.0/21 - Remote Subnet
10.10.5.0/21 - Local Subnet
Both should have internet access and be able to communicate to each other only.


I'm hoping to find some documentation on the differences in how packets are processed by inbound and outbound ACLs. We're currently using EOS on two S Series switches, and the ACLs we have configured are not functioning, but rather than delete the ACLs I'd like to use this as an opportunity to troubleshoot them.
ACCEPTED SOLUTION

wmtanderson
New Contributor II
Hi @Joshua Puusep,

You're correct, we're actually routing these over MPLS, so there is a connection as well as a backup VPN tunnel for redundancy of connection. The issue I had was thinking of ACLs from an L2 perspective rather than L3. Inbound ACLs are inbound to the routing instance, not the L2 interface, and outbound is outbound of the routing instance. Once I was able to grasp this and diagram it, I was able to get the ACLs working correctly.

Thanks for the reply!
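A constructed Python model of the point in the accepted answer, added here as an example (it is not EOS configuration and not code from this thread): on a routed interface, an "in" ACL sees packets as they enter the routing instance from that interface, and an "out" ACL sees packets as they leave the routing instance towards it. The two subnets are the ones from the question; the rule set, the interface choice and the TEST-NET addresses used as "internet" hosts are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed model, not EOS syntax: each ACL is an ordered list of
# (action, src_net, dst_net); the first matching rule wins and an implicit
# deny sits at the end, the usual router ACL semantics.
ANY = ip_network("0.0.0.0/0")
# strict=False because the post writes the prefixes host-style; the
# normalized networks are 10.10.0.0/21 (local) and 10.10.8.0/21 (remote).
LOCAL = ip_network("10.10.5.0/21", strict=False)
REMOTE = ip_network("10.10.10.0/21", strict=False)
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed ACLs on the routed interface that faces the LOCAL subnet.
# "in": packets arriving from LOCAL and entering the routing instance.
ACL_IN = ([("permit", LOCAL, REMOTE)]
          + [("deny", LOCAL, n) for n in RFC1918]   # no other private space
          + [("permit", LOCAL, ANY)])               # everything else = internet
# "out": packets leaving the routing instance towards LOCAL.
ACL_OUT = ([("permit", REMOTE, LOCAL)]
           + [("deny", n, LOCAL) for n in RFC1918]
           + [("permit", ANY, LOCAL)])


def evaluate(acl, src, dst):
    """Action of the first rule matching src/dst, or the implicit deny."""
    for action, s, d in acl:
        if src in s and dst in d:
            return action
    return "deny"


def filter_at_local_interface(src_ip, dst_ip):
    """Which ACL of the LOCAL-facing interface sees this packet, and its verdict."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    if src in LOCAL:                 # entering the routing instance from LOCAL
        return "in", evaluate(ACL_IN, src, dst)
    if dst in LOCAL:                 # leaving the routing instance towards LOCAL
        return "out", evaluate(ACL_OUT, src, dst)
    return "none", "not seen here"   # transit traffic never touches these ACLs


if __name__ == "__main__":
    # Constructed sample flows; 203.0.113.0/24 is a documentation range
    # standing in for an internet host.
    for s, d in [("10.10.5.20", "10.10.10.7"), ("10.10.10.7", "10.10.5.20"),
                 ("10.10.5.20", "203.0.113.10"), ("10.10.5.20", "192.168.1.10"),
                 ("172.16.9.1", "10.10.5.20")]:
        print(f"{s} -> {d}: {filter_at_local_interface(s, d)}")
```

Note that the reply from the remote subnet is never seen by the "in" ACL of the local interface; treating that ACL as if it filtered both directions on the port is the L2 misunderstanding the answer describes.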

Joshua_Puusep
New Contributor III
FYI, those subnets are private, i.e. you cannot typically route them over the internet without tunneling.
https://en.wikipedia.org/wiki/Private_network

Chapter 54 in the S-series configuration guide explains the use of ACLs:
https://documentation.extremenetworks.com/eos_config/downloads/S_K_7100_Configuration_Guide.pdf