Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

On what router and on which interface you prefer to configure the ACL(access control list), close to source or destination and in which situation?

user-image
Question added by Saqib Mehmood , Technical Team Lead/Safety Supervisor , Xchange Technology Group
Date Posted: 2013/12/06
Mostafa Khamies Dakam
by Mostafa Khamies Dakam , Network Specialist , Libyan Fertilizer Company

I Agree with Khaled Omar, it depends on purpose you need, Standard ACLs should be implemented as close as possible to the destination, and Extended ACLs is close to the source to reduce traffic load.

Khaled Omar
by Khaled Omar , Senior Service Delivery Engineer , Dell Technologies

Actually it depends on the type of ACL used, whether it is Standard or Extended.

 

If it is Standard, then you should configure the ACL close to the destination to prevent discarding packets that you don't want to be discarded.

 

If it is Extended, then you should configure the ACL close to the source to discard packets faster. 

Chandrasiri Guanaratna
by Chandrasiri Guanaratna , IT Manager , Computerland International

Access list should be applied closer to the source for OUT BOUND trafic  and therefore inside interface  note  there is a implicit deny ip any any at the end of the ACL ,

However if you need to control IN BOUND  traffic then it must be applied to the outside

both the case command  applying on the interface would be ip access-group101 in

 

 

More Questions Like This