08-09-2006 09:09 PM - edited 03-03-2019 01:36 PM
Just wanted to know one thing: what is the rule about standard and extended access lists? Like, should it be placed near the source or the destination? Just confused about that, and why that is. Thanks in advance. Cheers
08-09-2006 09:57 PM
Hi,
Generally, it is a good practice to apply the ACL on the interface closest to the source of the traffic.
If you want to block some traffic from the source to the destination in this scenario, it is better to keep the ACL on the incoming direction of Ethernet 0, instead of placing it in the outbound direction of Ethernet1.
Apart from this, as you know, by using a standard access list you can manipulate the flow only by matching the source IP address, whereas an extended access list gives you much more control.
Hope this helps..
-VJ
08-10-2006 06:58 AM
Cisco classes used to teach that it was best practice to place standard access lists as close to the destination as possible and best to place extended access lists as close to the source as possible. I believe that this is what the original post was asking.
The reasoning for this was that with standard access lists' limited ability to discriminate (they only look at source address, and cannot look at destination, or protocol type, or port) you could control the impact of the access list by placing it close to the destination. With extended access lists, with their greater ability to discriminate traffic (examining both source and destination, and protocol, and port numbers), it was more efficient to place it close to the source.
HTH
Rick
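The placement rule discussed in this thread, shown as IOS configuration. This is an added example, not part of any poster's reply. The two-router topology (R1 next to the source host, R2 next to the server LAN), all addresses and the ACL numbers are constructed assumptions.

```cisco
! Constructed scenario: host 10.1.1.10 sits on R1 Ethernet0.
! Server LAN 10.2.2.0/24 sits on R2 Ethernet0.
! Goal: stop 10.1.1.10 from reaching 10.2.2.0/24, allow everything else.

! ---- Standard ACL (matches source address only) ----

! MISPLACED near the source (R1, inbound on Ethernet0).
! The ACL cannot name a destination, so 10.1.1.10 is cut off
! from every network behind R1, not just the server LAN.
! R1:
access-list 10 deny   host 10.1.1.10
access-list 10 permit any
interface Ethernet0
 ip access-group 10 in

! PLACED near the destination (R2, outbound on the server LAN).
! Only packets leaving toward 10.2.2.0/24 are checked, so the
! host keeps its access to all other destinations.
! R2:
access-list 10 deny   host 10.1.1.10
access-list 10 permit any
interface Ethernet0
 ip access-group 10 out

! ---- Extended ACL (matches source, destination, protocol, port) ----

! PLACED near the source (R1, inbound on Ethernet0).
! The destination is part of the match, so only the unwanted flow
! is dropped, and it is dropped before it consumes bandwidth on
! the links between R1 and R2.
! R1:
access-list 110 deny   ip host 10.1.1.10 10.2.2.0 0.0.0.255
access-list 110 permit ip any any
interface Ethernet0
 ip access-group 110 in
```

Every ACL ends with an implicit deny, which is why each list above carries an explicit permit as its last entry.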