Hello Eugene, Also, if you are configuring the ACL to only block traffic headed to that particular router, one would still have to include ACLs on all the physical interfaces to block traffic.
Also, for the when you port-filter type policy maps on control-plane, the advantage that i feel they have over ACLs configured on interfaces is that the the port-filter policy-map maintains a DYNAMIC list of all the closed and open ports in the router. This changes everytime we start/stop a service. However , if we were configuring the same thing in an ACL, we would have to modify the ACL everytime too, and that too in EVERY interface we've applied the ACL on. Cheers, TacACK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
