Cisco Access Control List Guidelines to follow when creating rules.

Cisco Access Control List Guidelines

Just a quick post to remind myself and others ofCisco Access Control List Guidelines. the following Cisco Access Control List Guidelines that we should be aware of. I thought this would be good to post as a quick reference/lookup. This just gives a basic run down of how ACL’s should be implemented as per Cisco CCNA Security.

  • Ensure the last ACE that is processed has a ‘deny any’ or ‘deny any any’
  • ACLs are processed top down, as soon as as an ACE is matched the processing is stopped.
  • Make sure the most specific ACEs are at the top of the list.
  • One ACL per interface, per protocol, per direction.
  • Any new ACE’s that are added to an ACL are added to the bottom by default, unless specified.
  • Router generated traffic is not filtered by outbound ACLs
  • Standard ACLs should be placed as close to the destination as possible.
  • Extended ACLs should be placed as close to the source as possible.