ACL placement

Admiral Akmir Member Posts: 40
So, standard ACLs go closest to the destination, and extended ACLs are supposed to be as close to the filtered addresses as possible. What is the reasoning behind this?

Comments

  • VinnyCisco Member Posts: 176
    You can place them wherever you want. HOWEVER, there are best practices that Cisco recommends.

    Standard ACLs can only filter the source IP/source IP network, so placing it at the destination makes more sense. Placing a standard ACL near the source might stop traffic from leaving your network.

    Extended ACLs are more specific on what you can filter. Applying the Extended ACL closer to the source in this instance is best practice and will only filter what you specify. Placing an Extended ACL closer to a source will also save bandwidth.

    In the end, it really depends on your network design what will dictate where you place the ACLs, and Cisco states the above as good design.

    Hope this helps.
    "Failure is the prerequisite of Success" - V. G.
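
The placement reasoning in the answer above, as an added example that is not part of the original thread: a small Python model of a three-router path that compares a source-only (standard) rule with a source-and-destination (extended) rule at each end. The router names, subnets and flows are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed topology: source host -> R1 -> R2 -> R3
PATH = ["R1", "R2", "R3"]                           # R1 is nearest the source
LAN = {"R2": "10.2.2.0/24", "R3": "10.3.3.0/24"}    # subnet attached to each router

# Constructed flows from one host (assumed policy: block it from 10.3.3.0/24 only)
FLOWS = [("10.1.1.10", "10.3.3.20"),   # should be blocked
         ("10.1.1.10", "10.2.2.5")]    # must keep working

STANDARD = {"src": "10.1.1.10/32"}                        # matches on source only
EXTENDED = {"src": "10.1.1.10/32", "dst": "10.3.3.0/24"}  # source and destination

def denies(rule, src, dst):
    """True if the deny rule matches; a rule without 'dst' ignores the destination."""
    if ip_address(src) not in ip_network(rule["src"]):
        return False
    return "dst" not in rule or ip_address(dst) in ip_network(rule["dst"])

def route(dst):
    """Routers a packet crosses, ending at the one attached to dst's subnet."""
    for i, router in enumerate(PATH):
        if router in LAN and ip_address(dst) in ip_network(LAN[router]):
            return PATH[: i + 1]
    raise ValueError(f"no route to {dst}")

def simulate(rule, placed_on):
    """Map each flow to (delivered, inter-router links crossed before drop or delivery)."""
    result = {}
    for src, dst in FLOWS:
        hops = route(dst)
        if placed_on in hops and denies(rule, src, dst):
            result[(src, dst)] = (False, hops.index(placed_on))
        else:
            result[(src, dst)] = (True, len(hops) - 1)
    return result

if __name__ == "__main__":
    for name, rule, where in [("standard near source", STANDARD, "R1"),
                              ("standard near destination", STANDARD, "R3"),
                              ("extended near source", EXTENDED, "R1")]:
        print(name, simulate(rule, where))
```

The standard rule on R1 also drops the flow to 10.2.2.5, the standard rule on R3 blocks only the intended flow but carries it across two links first, and the extended rule on R1 blocks only the intended flow before it crosses any link.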