would be discarded.
inside the Mayberry router--for example, a ping command issued from Mayberry, will
work because the IOS will not filter packets originating in that router. Opie is still out of
luck--he'll never get (a packet) out of Mayberry!
Why or why not?
delivered to Governor if the route points directly from Mount Pilot to Raleigh so that the
packets do not pass through Mayberry. Therefore, the access list, as coded, stops only
hosts other than Andy on the Mayberry Ethernet from reaching Web server Governor.
Governor is allowed from hosts at any site, but so that no other access to hosts in Raleigh
is allowed.
of the danger with inbound access lists; with outbound lists, the router will not filter
packets originating in that router. With inbound access lists, all packets entering the
interface are examined and could be filtered. An IGRP protocol type is allowed in the
extended access-list command; therefore, IGRP updates easily can be matched. The
command access-list 130 permit igrp any performs the needed matching of IGRP
updates, permitting those packets. (This command would need to appear before any
statements in list 130 that might match IGRP updates.)
!
interface serial 0
ip access-group 44