Wednesday, 23 June 2010

Implementation of ACL Summary

Some general guidelines to consider when using ACLs

  • One ACL is allowed per interface, per protocol, per direction. You can have multiple ACLs on a single device, but a maximum of two ACLs per interface for a given protocol: one inbound and one outbound.

  • Because an ACL is processed from top to bottom, the ACE entries need to be planned, and the most restrictive entries should be at the top.

  • In newer versions of IOS it is possible to insert an ACE into an existing ACL, thanks to the sequence-numbering function.

  • Implicit deny: every ACL ends with an implicit deny, so an ACL must have at least one permit statement to avoid blocking all traffic.

  • An egress (outbound) ACL only checks traffic traversing the router, not traffic originated by the router itself.