Access lists - Placement of Standard and Extended ACLs

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi All,

Regarding the placement of standard and extended access lists.

For a standard access list as this only filters the source IP address this should be placed on the router near to the network/host that is to be denied.

For an extended access list as this filters by protocol, source/destination IP address and port number this can be placed on the router close to where the extended access list is located.

Have I got this right? Any tips appreciated.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Absolutely. According to Richard Deal, standard ACLs should be placed as close to the destination devices as possible and extended ACLs should be placed as close to the source devices as possible.

 

Thanks for the reply.