ACL order...

Hey, why is it that we want to keep more specific entries at the top of an ACL? I can't figure out a reason. Seems to me we would want the more general at the top...

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Bl8ckr0uter

Daniel333 wrote: »

Hey, why is it that we want to keep more specific entries at the top of an ACL? I can't figure out a reason. Seems to me we would want the more general at the top...

Because the acls are read in order and compared in order. Plus since it is very router intensive, you want to get the packet action that you want as quickly as possible.

dynamik

Plus, doesn't the first match get applied? If you're matching on the more general ones, you'll never get to the more specific ones.

captobvious

dynamik wrote: »

Plus, doesn't the first match get applied? If you're matching on the more general ones, you'll never get to the more specific ones.

+1 takes me back to the old Basic days. Heck with number sequencing, it almost looks like a basic program. You have to think top-down when applying acl's.