The best place for ACL's is at the access layer. You want to deny or permit
packets the outer-most level you have control of. If you wait for their
packets to get into the core of your network, then you have already
compromised your network's security. If you do it at the router that your
customer connects to, you can deny things like routing protocols and subnets
that need not penetrate your network.
The best solution for security is a firewall. If security is a mission
critical application, a PIX should be used instead of ACL's.
Kelly D Griffin, CCNA, CCDA
Network Engineer
Kg2 Network Design
http://www.kg2.com
----- Original Message -----
From: "Piatnitchi Cristian" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 07, 2001 9:59 AM
Subject: The best place to put the access lists
> Hi all
>
> I need an advice. I have to choose between the set up
> ACLs on the router and to set up ACLs on the servers's
> swtich.
>
> Which one is the best solution and why ?
>
> Thanks in advance
> Cristian Piatnitchi
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> ____________________________________________
> http://1cis.com
> Free E-mail Servers with unlimited mailboxes
> 1st Class Internet Solutions
____________________________________________
http://1cis.com
Free E-mail Servers with unlimited mailboxes
1st Class Internet Solutions
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
