Cisco Support Community

New Member

access list

I have been told that when you apply an access list you apply it as close to the source as you can, so if I need an access list to permit my users to only use port 80 out to the internet, do I apply this on the inside ethernet interface or the outside serial?

3 REPLIES
Bronze

Re: access list

In general, apply it to the source, which means at the first hop, not after crossing many hops (routers).

I prefer to apply it at G.W ethernet interface, but take care that you need to manage the router from your IP address. i.e. don't apply before you add a permit entry for your IP address in order to access the router.

Please rate if it does.

Abd Alqader

Bronze

Re: access list

Hi Carl, generally standard access lists (1-99) should be placed as close to the destination as possible, extended (100-199) should be as close to the source as possible.

In your example, if this is the only traffic involved and no other connectivity is required, place it inbound on the ethernet interface.

Hope this helps.

New Member

Re: access list

I would apply the ACL closest to the users also. Then the router will drop the packet as soon as it hits the router, and the router won't have to spend the resources to make a routing/switching decision.
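The placement discussed in the replies above, written out as an IOS configuration. This is an added example, not part of the original thread; the addresses (192.168.1.0/24 user LAN, 192.168.1.1 router inside address, 192.168.1.10 admin PC), the interface name Ethernet0, the ACL numbers and the use of SSH for management are all assumptions.

```cisco
! --- Assumed values (constructed for this example) ---
!   192.168.1.0/24  inside user LAN
!   192.168.1.1     router address on the inside Ethernet interface
!   192.168.1.10    admin PC used to manage the router
!
! Variant A: web-only list, exactly what the question asks for.
! Applied inbound on the inside interface, it also filters packets
! addressed to the router itself, so a management session from the
! LAN hits the implicit deny at the end of the list and is dropped.
access-list 101 remark users may use TCP port 80 only
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80
!
! Variant B: same policy, with the management entry from the first
! reply placed ahead of the user entry (SSH is an assumption; use
! the port of whatever management protocol is actually in use).
access-list 102 remark admin PC may reach the router
access-list 102 permit tcp host 192.168.1.10 host 192.168.1.1 eq 22
access-list 102 remark users may use TCP port 80 only
access-list 102 permit tcp 192.168.1.0 0.0.0.255 any eq 80
! Every list ends with an implicit "deny ip any any". Writing it
! out changes nothing about what is dropped; it only adds logging.
access-list 102 deny ip any any log
!
! Extended list, so it goes close to the source: inbound on the
! inside Ethernet interface. Return traffic arrives on the serial
! interface and leaves through Ethernet0, so this inbound list
! never evaluates it.
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip access-group 102 in
!
! Caveat: with port 80 as the only permitted user traffic, name
! lookups to a DNS server beyond this interface are dropped too.
! The question asks for port 80 only, so no DNS entry is included.
```

After applying it, `show access-lists 102` lists the per-entry match counters and `show ip interface Ethernet0` confirms which list is applied inbound.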
