Reflection
As you can see, standard ACLs are very powerful and work quite well. Why would you ever have the need for using extended ACLs?

Standard ACLs can only filter based on the source address. In addition, they are not granular. They allow or deny EVERYTHING (protocols and services). Extended ACLs, while harder to write, are well suited to complex networks where you may need to allow only certain ports access to networks while denying others.

Typically, more typing is required when using a named ACL as opposed to a numbered ACL. Why would you choose named ACLs over numbered?

Students could list two reasons here. The first reason is that using named ACLs gives you the ability to modify specific lines within the ACL itself, without retyping the whole thing. NOTE: Newer versions of the IOS allow numbered ACLs to be modified just like named ACLs. Secondly, having a named ACL is a best practice as it helps to document the purpose of the ACL with a descriptive name.
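
The two answers above, shown as an IOS configuration sketch. This is an added example, not part of the original lab; the addresses, the interface name, and the ACL name WEB-ONLY are assumptions made up for illustration.

```cisco
! Standard numbered ACL: matches on source address only, so it
! permits or denies ALL protocols and services from 192.168.10.0/24.
access-list 1 permit 192.168.10.0 0.0.0.255
!
! Extended named ACL: matches source, destination, protocol and port.
! Hosts on 192.168.10.0/24 may reach the server only on HTTP and HTTPS.
! The name documents the purpose of the list.
ip access-list extended WEB-ONLY
 remark User LAN may reach the server on web ports only
 permit tcp 192.168.10.0 0.0.0.255 host 192.168.30.10 eq 80
 permit tcp 192.168.10.0 0.0.0.255 host 192.168.30.10 eq 443
 deny ip 192.168.10.0 0.0.0.255 host 192.168.30.10
 permit ip any any
!
! Apply the list inbound on the interface facing the user LAN
! (interface name is an assumption).
interface GigabitEthernet0/1
 ip access-group WEB-ONLY in
!
! Entries are numbered 10, 20, 30, 40 by default. To change one line,
! re-enter the named ACL and edit by sequence number instead of
! retyping the whole list. Here the HTTP entry (10) is removed so that
! only HTTPS remains permitted to the server.
ip access-list extended WEB-ONLY
 no 10
!
! A new entry can be placed between existing ones by giving it a
! sequence number, for example to log the denied traffic:
ip access-list extended WEB-ONLY
 no 30
 30 deny ip 192.168.10.0 0.0.0.255 host 192.168.30.10 log
!
! Verify the result and the per-entry match counters from privileged EXEC:
! show access-lists WEB-ONLY
```

Every ACL ends with an implicit deny, which is why the final `permit ip any any` is needed here to keep other traffic flowing.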