Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

On what router and on which interface you prefer to configure the ACL(access control list), close to source or destination and in which situation?

user-image
Question ajoutée par Saqib Mehmood , Technical Team Lead/Safety Supervisor , Xchange Technology Group
Date de publication: 2013/12/06
Mostafa Khamies Dakam
par Mostafa Khamies Dakam , Network Specialist , Libyan Fertilizer Company

I Agree with Khaled Omar, it depends on purpose you need, Standard ACLs should be implemented as close as possible to the destination, and Extended ACLs is close to the source to reduce traffic load.

Khaled Omar
par Khaled Omar , Senior Service Delivery Engineer , Dell Technologies

Actually it depends on the type of ACL used, whether it is Standard or Extended.

 

If it is Standard, then you should configure the ACL close to the destination to prevent discarding packets that you don't want to be discarded.

 

If it is Extended, then you should configure the ACL close to the source to discard packets faster. 

Chandrasiri Guanaratna
par Chandrasiri Guanaratna , IT Manager , Computerland International

Access list should be applied closer to the source for OUT BOUND trafic  and therefore inside interface  note  there is a implicit deny ip any any at the end of the ACL ,

However if you need to control IN BOUND  traffic then it must be applied to the outside

both the case command  applying on the interface would be ip access-group101 in

 

 

More Questions Like This