ACL, where to apply them.

[surfbum99]

Hi there,

I have my CCNA exam this afternoon and I'm still a bit wirry about where to apply ACLs.
I've been told the general rules is Standard ACL to be as close to the destination as possible, Extended ACL as close to the source as possible.

But still confusing in some example questions. Also whether its in or out.

Can anyone give any help, or got a website that has fixed rules and would help explain more so I definately know what im doing!

regards,

Alistair.

 

[CiscoGuy33]

Alistair,

Standard ACL — Permits or denies packets based on source IP address - has to be put close to the destination or the source can not go anywhere on the network.

Extended ACL - Permits or denies packets based on just about anything - because it is so selective it should be put close to the source so that it can get the unwanted traffic off the network ASAP.

Think of an ACL as a bouncer outside a club with a list of rules!

If you have a "standard" bouncer and your home is on the list that you can not go into the club and they put him outside your front door - he can only ask you one question - Where are you from (source)? You will never be allowed to leave your home!!

If he was an "extended" bouncer then he could ask you where you were going - as long as it was not the club you would be allowed out. If it was the club then might as well get you off the road now as close to your home (source) as possible!!

As for "in" and "out" just picture the same thing and think of the question being asked the packet and what will happen if it is permitted or denied on the way into the router or on the way out of the router! Will that ACL stop the packet from going somewhere it should be able to go. Just try to picture it!!

Hope this helps!




E.A. Broda
CCNA, CCDA, CCAI, Network +