where to put the access list ( source/destination issues)
x_Danny_x
Member Posts: 312 ■■□□□□□□□□
in CCNA & CCENT
for standard access list i know you put them at the destination interface and while excess access lists you put them at the source interface.
well there has been exceptions where I saw a standard list being implement at the source interface in my New Horizons Cisco book. I dont understand why it was done that way.
Are there exceptions to this rule???
well there has been exceptions where I saw a standard list being implement at the source interface in my New Horizons Cisco book. I dont understand why it was done that way.
Are there exceptions to this rule???
There There, Its okay to feel GUILTY...........There is no SIN in PLEASURE!
Comments
-
EdTheLad Member Posts: 2,111 ■■■■□□□□□□You can place standard or extended access-lists where ever you like.
But it makes more sense to place the standard access-list as close to the destination as possible! Why?? because the standard access-list can only filter using the source ip address.If it is placed near the source you may limit this source ip address for your entire network rather than for a particular destination.So depending on what access you want to provide for the source address relates to where you place the access-list.
The extended access-list is more specific on what you filter so by placing this at the source you will only effect what you specify in the list and nothing else.By placing this as near the source as possible conserves bandwidth.So to sum up,wherever you place the access-lists depends on your network, and the rule you stated above is just a good design guide, which should make sense if you think about it!Networking, sometimes i love it, mostly i hate it.Its all about the $$$$ -
x_Danny_x Member Posts: 312 ■■□□□□□□□□alright man thanks. I ment to say extended and not excess. hehehehThere There, Its okay to feel GUILTY...........There is no SIN in PLEASURE!