The proper placement of an ACL can make the network operate more efficiently. An ACL can be placed to reduce unnecessary traffic. For example, traffic that will be denied at a remote destination should not be forwarded using network resources along the route to that destination.
Every ACL should be placed where it has the greatest impact on efficiency. As shown in the figure, the basic rules are:
- Extended ACLs - Locate extended ACLs as close as possible to the source of the traffic to be filtered. This way, undesirable traffic is denied close to the source network without crossing the network infrastructure.
- Standard ACLs - Because standard ACLs do not specify destination addresses, place them as close to the destination as possible. Placing a standard ACL at the source of the traffic will effectively prevent that traffic from reaching any other networks through the interface where the ACL is applied.
Placement of the ACL and therefore the type of ACL used may also depend on:
- The extent of the network administrator’s control - Placement of the ACL can depend on whether or not the network administrator has control of both the source and destination networks.
- Bandwidth of the networks involved - Filtering unwanted traffic at the source prevents transmission of the traffic before it consumes bandwidth on the path to a destination. This is especially important in low bandwidth networks.
- Ease of configuration - If a network administrator wants to deny traffic coming from several networks, one option is to use a single standard ACL on the router closest to the destination. The disadvantage is that traffic from these networks will use bandwidth unnecessarily. An extended ACL could be used on each router where the traffic originated. This will save bandwidth by filtering the traffic at the source but requires creating extended ACLs on multiple routers.
Note: For CCNA certification the general rule is that extended ACLs are placed as close as possible to the source and standard ACLs are placed as close as possible to the destination.