Applying an ACL to an Interface
The second step of the configuration process is applying the ACL to an interface. An ACL can be defined
without being applied to an interface on a device, but it has no effect until it is applied to the
device's interface. Besides being applied to interfaces, ACLs can also be used for various other services,
such as route maps, SNMP, or traffic-classification techniques.
ACLs can be applied on various interfaces and devices in a network, but you should consider a number of
intricate factors before deciding where to apply them. Figure 2-2 shows a requirement to block traffic
from source Host A, entering the network at Router A, from reaching destination Host B. When
deciding where to apply an ACL, such as that shown in Figure 2-2, consider the following:
When using a standard ACL, apply the ACL filter closest to the destination Router C within the traffic flow.
This is recommended because standard ACLs filter packets based on the source address only. If the packets
are dropped closer to the ingress point Router A, a potential danger exists in blocking Host A entirely for
all other traffic (for example, traffic to Host C or Host D in the network).
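
The placement trade-off described above, modeled as an added example that is not part of the original text: the same source-only standard ACL is evaluated once near the ingress router and once on the interface facing Host B. The addresses, interface names, ACL number, and the Router A to Router B to Router C chain are assumptions, since Figure 2-2 is not reproduced here.

```python
import ipaddress

# Constructed addressing and topology (assumptions, not taken from Figure 2-2).
HOSTS = {"A": "10.1.1.10", "B": "10.3.1.20", "C": "10.2.1.30", "D": "10.3.2.40"}

# Egress interfaces that traffic from Host A crosses toward each destination,
# written as (router, interface) hops in path order.
PATHS_FROM_A = {
    "B": [("RouterA", "to-RouterB"), ("RouterB", "to-RouterC"), ("RouterC", "lan-HostB")],
    "C": [("RouterA", "to-RouterB"), ("RouterB", "lan-HostC")],
    "D": [("RouterA", "to-RouterB"), ("RouterB", "to-RouterC"), ("RouterC", "lan-HostD")],
}

# Standard ACL entries: (action, source address, wildcard mask). Source only.
ACL_10 = [
    ("deny", HOSTS["A"], "0.0.0.0"),            # match exactly Host A
    ("permit", "0.0.0.0", "255.255.255.255"),   # any other source
]

def acl_permits(acl, src):
    """First match wins; wildcard bits set to 1 are ignored; implicit deny at the end."""
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return action == "permit"
    return False

def reachable_from_host_a(applied):
    """applied maps (router, interface) -> ACL applied outbound on that interface.
    Returns {destination host: True if Host A's traffic still arrives}."""
    return {
        dst: all(acl_permits(applied[hop], HOSTS["A"]) for hop in path if hop in applied)
        for dst, path in PATHS_FROM_A.items()
    }

# Placement 1: near the source, on Router A's link into the network.
near_source = reachable_from_host_a({("RouterA", "to-RouterB"): ACL_10})
# Placement 2: closest to the destination, on Router C's interface facing Host B.
near_destination = reachable_from_host_a({("RouterC", "lan-HostB"): ACL_10})

if __name__ == "__main__":
    print("ACL near ingress (Router A):     ", near_source)
    print("ACL near destination (Router C): ", near_destination)
```

Because the ACL cannot see the destination address, only the interface it is applied to limits its scope, which is why the placement near Router A cuts Host A off from Host C and Host D as well.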