Is ACL applied to the interface or routing brain?
johnifanx98
Member Posts: 329
in CCNA & CCENT
For "in" rule, definitely it's most efficient to apply it to the network interface. However, for the "out" rule, especially the filter of IP addr/transport port, it does not need to wait until a MAC frame is formed at the interface before checking the IP header. Is it the case?
Consider an access list in MAC address and an access list on IP address. The former one has to be checked on the interface, while the latter one does not have to be.
Consider an access list in MAC address and an access list on IP address. The former one has to be checked on the interface, while the latter one does not have to be.