Where to Place ACLs

In this article we will discuss Where to Place ACLs, will make brief discussion on Where to Place ACLs, In last article we discuss about Creating ACLs.

The proper placement of an ACL can make the network operate more efficiently. An ACL can be placed to reduce unnecessary traffic. For example, traffic that will be denied at a remote destination should not be forwarded using network resources along the route to that destination.

Every ACL should be placed where it has the greatest impact on efficiency. The basic rules are:

  • Extended ACLs – Locate extended ACLs as close as possible to the source of the traffic to be filtered. This way, undesirable traffic is denied close to the source network without crossing the network infrastructure.
  • Standard ACLs – Because standard ACLs do not specify destination addresses, place them as close to the destination as possible. Placing a standard ACL at the source of the traffic will effectively prevent that traffic from reaching any other networks through the interface where the ACL is applied.

Placement of the ACL and therefore, the type of ACL used may also depend on:

  • The extent of the network administrator’s control – Placement of the ACL can depend on whether or not the network administrator has control of both the source and destination networks.
  • Bandwidth of the networks involved – Filtering unwanted traffic at the source prevents transmission of the traffic before it consumes bandwidth on the path to a destination. This is especially important in low bandwidth networks.
  • Ease of configuration – If a network administrator wants to deny traffic coming from several networks, one option is to use a single standard ACL on the router closest to the destination. The disadvantage is that traffic from these networks will use bandwidth unnecessarily. An extended ACL could be used on each router where the traffic originated. This will save bandwidth by filtering the traffic at the source but requires creating extended ACLs on multiple routers.

Although extended ACLs are beyond the scope of the ICND1/CCENT exam, you should know the general guideline for placing both standard and extended ACLs. For CCNA certification the general rule is that extended ACLs are placed as close as possible to the source and standard ACLs are placed as close as possible to the destination.

Add a Comment

Your email address will not be published. Required fields are marked *