07-09-2013, 08:34 AM
Please read your book and understand access list directions. Then understand the requirements in this sim:
Only host C should be able to access Stock Web Server. No other host from Hosts LAN or Core network should be able to access the Stock Web Server.
All other traffic from hosts to other servers should be allowed.
An ACL applied on interface fa0/0 (Servers LAN) as "out" means checking every packet exiting the router towards the Servers LAN through fa0/0 - and the ACL allows Host C explicitly and denies any other hosts access to the Stock Web Server. All other hosts are allowed to access other web servers by "permit ip any any".
The "in" direction will only check packets originating from the Servers LAN - which is contrary to the requirement.
If you place this ACL on fa0/1 as inbound, it will filter the traffic from the Hosts LAN but it has no control over the traffic from the Core network - again contrary to the requirement.
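The placement argument above, modeled as an added example that is not part of the original post: the same three-entry ACL is evaluated at fa0/0 out, fa0/0 in and fa0/1 in, and each placement is checked against the sim's requirements. All IP addresses, the `core` interface name and the function names are constructed for illustration; only fa0/0 and fa0/1 come from the post.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing; only the fa0/0 and fa0/1 names come from the post.
NETS = {"fa0/0": ip_network("10.0.2.0/24"),   # Servers LAN
        "fa0/1": ip_network("10.0.1.0/24"),   # Hosts LAN
        "core":  ip_network("10.0.3.0/24")}   # Core network (interface name assumed)
HOST_A, HOST_C, CORE_HOST = "10.0.1.10", "10.0.1.30", "10.0.3.50"
STOCK, OTHER_SRV = "10.0.2.80", "10.0.2.81"

ANY = ip_network("0.0.0.0/0")

def host(addr):
    return ip_network(addr + "/32")

# The ACL the post describes: (action, source, destination), first match wins.
ACL = [("permit", host(HOST_C), host(STOCK)),
       ("deny", ANY, host(STOCK)),
       ("permit", ANY, ANY)]

def iface_for(addr):
    """Interface whose attached network contains addr."""
    return next(name for name, net in NETS.items() if ip_address(addr) in net)

def forwarded(src, dst, acl_iface, direction):
    """True if the router forwards src -> dst with the ACL at acl_iface/direction."""
    ingress, egress = iface_for(src), iface_for(dst)
    inspected = ((direction == "in" and ingress == acl_iface) or
                 (direction == "out" and egress == acl_iface))
    if not inspected:
        return True  # the packet never crosses the ACL, so nothing filters it
    for action, s, d in ACL:
        if ip_address(src) in s and ip_address(dst) in d:
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def violations(acl_iface, direction):
    """Flows whose outcome contradicts the sim's requirements."""
    required = {(HOST_C, STOCK): True, (HOST_A, STOCK): False,
                (CORE_HOST, STOCK): False, (HOST_A, OTHER_SRV): True}
    return sorted(flow for flow, want in required.items()
                  if forwarded(*flow, acl_iface, direction) != want)

if __name__ == "__main__":
    for placement in [("fa0/0", "out"), ("fa0/0", "in"), ("fa0/1", "in")]:
        print(placement, violations(*placement))
```

Only fa0/0 out yields no violations; fa0/0 in leaves both Host A and the core host able to reach the Stock Web Server, and fa0/1 in still leaves the core host unfiltered.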