Standard ACL closest to the destination ??????

[silnicpp]

Why a Standard ACL should be closest to the destination ? In my opinion all ACLs should be closest to the source (not only extended ACL ) in order to reduce traffic, otherwise if we put an standard ACL closest to the destination there will be unnecesary traffic !!!

 

[ARatt]

Silnicpp,

You have to keep in mind what information is in the ACL that you are working with. A standard ACL only has sources in it. So, in order not to block that source from going anywhere, you put it closest to the location you do want to keep it out of. If you were to put the ACL on the outgoing port of the closest router, say on the out side of its only serial port, that network or host, named in the ACL, would be blocked from leaving the router altogether.

Extended ACL's use source, destination, port and protocols. This way you could put the ACL on the closest router and have it only block the netwk/host from going to selected destinations and from using selected ports. This would reduce unnecessary traffic well.

Hope that helps! Alex
CCNA, CNA
aaratt@hotmail.com

 

[silnicpp]

Your unser came after a long time ... since that moment I found the unser by myself, but Yes you are right and thanks for this reply.