Categories
Welcome Center
Education & Development
Cyber Security
Virtualization
General
Certification Preparation
Project Management
Posts
Groups
Training Resources
Infosec
IT & Security Bootcamps
Practice Exams
Security Awareness Training
About Us
Home
Certification Preparation
Cisco
CCNA & CCENT
where to put the access list ( source/destination issues)
x_Danny_x
for standard access list i know you put them at the destination interface and while excess access lists you put them at the source interface.
well there has been exceptions where I saw a standard list being implement at the source interface in my New Horizons Cisco book. I dont understand why it was done that way.
Are there exceptions to this rule???
Find more posts tagged with
Comments
EdTheLad
You can place standard or extended access-lists where ever you like.
But it makes more sense to place the standard access-list as close to the destination as possible! Why?? because the standard access-list can only filter using the source ip address.If it is placed near the source you may limit this source ip address for your entire network rather than for a particular destination.So depending on what access you want to provide for the source address relates to where you place the access-list.
The extended access-list is more specific on what you filter so by placing this at the source you will only effect what you specify in the list and nothing else.By placing this as near the source as possible conserves bandwidth.So to sum up,wherever you place the access-lists depends on your network, and the rule you stated above is just a good design guide, which should make sense if you think about it!
x_Danny_x
alright man thanks. I ment to say extended and not excess. heheheh
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
