So I failed my first CCNA 640-801 exam last week with an 847. On the test, there was an ACL router sim. I am retaking my exam tomorrow morning.
I'm going to try and expalin this as best I can.
Before going further, I understand that extended ACL's are to be placed closest to the source.
Bear with me here, and thank you in advance for reading.
I have a LAN network shaped like a capitol "Y".
I am to deny telnet traffic from the 2 networks on the top of the fork of the Y to the bottom of the Y.
My first choice would be to place an ACL on the 2 top interfaces going inbound.
But then I am now second guessing myself, because in this case, would it not make more sense to place the same ACL just on the outbound interface on the bottom of the Y?
You're eliminating extra work, but it's no longer according to "best practice."
I ask this because this question was on my last exam, and was on my friend's this morning. I really could understand the logic both ways.
Which way does Cisco want me to answer this?