This section covers design issues with ACLs: where you should place ACLs of a given
type (standard or extended). In other words, given the source and destination that you
are filtering, on what router and what interface on that router should you activate your
ACL? This section covers some of the important points you should be aware of when
determining where to put your ACLs.
First, don't go crazy with ACLs and create dozens and dozens of them across all
of your routers. This makes testing and troubleshooting your filtering rules almost
impossible. If you have followed Cisco’s three-layer hierarchy—core, distribution,
and access—you’ll want to put your ACLs on your distribution layer routers.
The second point to make is that you will want to limit the number of statements
in your ACL. An ACL with hundreds of statements is almost impossible to test and
troubleshoot. As an example, I had a student in one of the router classes I taught who
had a question on an ACL they used at their site—it was six pages long! After I sat
with this student, we were able to reduce this to about a page and a half. The original
ACL had a lot of unnecessary and overlapping commands that we removed or changed.
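The overlap cleanup described above can be partly automated. The following is an added example, not code from the original text: a short Python check that flags entries in a numbered standard ACL that can never match because an earlier entry already covers them. The function names and the sample ACL are constructed for illustration, and it assumes the usual `access-list <number> permit|deny <source> [wildcard]` syntax with `host` and `any` keywords.

```python
import ipaddress

# Constructed sample: a numbered standard ACL with overlapping entries.
SAMPLE_ACL = """\
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny host 192.168.1.77
access-list 10 permit 192.168.1.128 0.0.0.127
access-list 10 deny 172.16.0.0 0.0.255.255
access-list 10 permit any
access-list 10 deny host 10.9.9.9
"""

def parse_entry(line):
    """Return (action, address, wildcard) as ints from one standard ACL line."""
    tokens = line.split()
    action, src = tokens[2], tokens[3:]
    if src[0] == "any":
        return action, 0, 0xFFFFFFFF
    if src[0] == "host":
        return action, int(ipaddress.IPv4Address(src[1])), 0
    wildcard = int(ipaddress.IPv4Address(src[1])) if len(src) > 1 else 0
    return action, int(ipaddress.IPv4Address(src[0])), wildcard

def covers(earlier, later):
    """True if every source matched by `later` is already matched by `earlier`."""
    _, e_addr, e_wild = earlier
    _, l_addr, l_wild = later
    care = ~e_wild & 0xFFFFFFFF          # bits the earlier entry actually checks
    return (l_wild & care) == 0 and ((e_addr ^ l_addr) & care) == 0

def find_unreachable(acl_text):
    """List (entry_no, covering_entry_no, kind) for entries that can never match."""
    entries = [parse_entry(l) for l in acl_text.splitlines() if l.strip()]
    findings = []
    for i, later in enumerate(entries):
        for j, earlier in enumerate(entries[:i]):
            if covers(earlier, later):
                kind = "redundant" if earlier[0] == later[0] else "conflict"
                findings.append((i + 1, j + 1, kind))
                break  # first match wins on the router, so stop at first cover
    return findings

if __name__ == "__main__":
    for entry_no, by, kind in find_unreachable(SAMPLE_ACL):
        print(f"entry {entry_no} is unreachable ({kind}) because of entry {by}")
```

A "redundant" entry can simply be deleted; a "conflict" entry usually means the statements are in the wrong order, because the earlier, broader entry decides the packet before the specific one is reached.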
As to where you should place your ACLs, the following two rules hold true in most situations:
• Standard ACLs should be placed as close to the destination devices as possible.
• Extended ACLs should be placed as close to the source devices as possible.