I would say that it depends on how you look at it.
�
If you have the choice of putting it on S2's inbound or S3's outbound.� If
most traffic that goes through the router comes from S2 to S1, it would be a
waste to put it on S2's inbound, because then all the traffic to S1 would be
delayed by it.
�
On the other hand, if most traffic that goes through the router comes from
S1 to S3, it would be a waste to put it on S3's outbound, because then all
the traffic from S1 would be delayed by it.
�
You have to measure traffic from/to all interfaces and also deside if you
need to control access from only one interface and/or to only one interface.
�
Sit down and make some drawings, and you would see how to best optimize the
access lists to match the traffic needs on the router.
�
All this said, yes you're right if you look at the simple cpu utilization -
if you put it on the inbound interface, unwanted traffic would be droppet
before the router would waste cpu time routing it to it's destination
interface.
�
Hth,
�
Ole
�
-----Original Message-----
From: Martin Eriksson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 23, 2000 9:52 AM
To: [EMAIL PROTECTED]
Subject: Accesslist outbound
Hi!
�
Found a little something in�the CCNA Router and Switching Study Guide
( http://www.rkingma.com/cisco/TestHome.htm).
that I can't really recall reading anywhere else..
�
A simple scenario...
�
s1 10.10.10.102
��� |
��� |----------------routerA----------s3 10.10.20.1
��� |�������������������������������������������������������
s2 10.10.10.101
�
�
Access-list 1 permit 10.10.10.101
Access-list 1 deny 10.10.10.0 0.0.0.255
�
According to the text: "�We could apply it as an inbound filter on Router
A's interface to network 10.10.10.0, or as an outbound filter on Router A's
interface to network 10.10.20.0. Outbound filters are less processor
intensive for the router, so let's apply it outbound.".
�
It's the last part I get confused with, "outbound filters are less processor
intensive".
I thought it was the opposite that�it's better to stop the packets at the
entry instead of the exit.
�
I'm sure someone can sort things up for me..
�
best regards. Martin E
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
