access list

carl_townshend
Spotlight

I have been told that when you apply an access list you apply it as close to the source as you can. So if I need an access list to permit my users to only use port 80 out to the internet, do I apply this on the inside Ethernet interface or the outside serial?

3 Replies

a.hajhamad
Level 4

In general, apply it to the source, which means at the first hop, not after crossing many hops (routers).

I prefer to apply it at the G.W Ethernet interface, but take care that you need to manage the router from your IP address, i.e. don't apply it before you add a permit entry for your IP address in order to access the router.

Please rate if it does.

Abd Alqader

rmcarthur
Level 1

Hi Carl, generally standard access lists (1-99) should be placed as close to the destination as possible, extended (100-199) should be as close to the source as possible.

In your example, if this is the only traffic involved and no other connectivity is required, place it inbound on the ethernet interface.

Hope this helps.

eric_chan
Level 1

I would apply the ACL closest to the users also. Then the router will drop the packet as soon as it hits the router, and the router won't have to spend resources making a routing/switching decision.
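
The placement discussed in this thread, as an added example that is not part of any reply above: an extended ACL applied inbound on the inside Ethernet interface, with the management permit entered before the list is applied. The interface name, all addresses, the ACL number 101 and the use of SSH for router management are assumptions made for illustration.

```cisco
! Constructed values: inside LAN 192.168.1.0/24, router inside address
! 192.168.1.1, admin workstation 192.168.1.10, interface Ethernet0.
!
! 1. Management entry first: an inbound ACL on the inside interface also
!    filters packets addressed to the router itself (SSH assumed here).
access-list 101 permit tcp host 192.168.1.10 host 192.168.1.1 eq 22
!
! 2. Users may open TCP connections to port 80 on any destination.
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80
!
! 3. Explicit deny with logging; the implicit "deny ip any any" at the end
!    of every list would drop the same traffic without a log entry.
!    DNS (port 53) is not permitted by this list, so name resolution needs
!    its own permit entry if the resolver is not on the inside LAN.
access-list 101 deny ip any any log
!
! 4. Apply the list only after the entries above exist.
interface Ethernet0
 ip access-group 101 in
```

`show access-lists 101` displays per-entry match counters, which confirms whether the management entry and the port 80 entry are being hit.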