"Standard Access List" = Can only filter based on the Source Address. Because of this limitation, it has to be near the "Destination" host, which can then make a decision regarding accept\deny the packet.
"Extendid Access List"= Can filter both based on Source\Destination address (and much more). So its better to place it near the source, so that packet can be denied (if it is supposed to be) as early as possible instead of using up all the bandwidth\CPU etc to the destination and then being dropped, which will be waste of bandwidth. E.g. Host1----->Router1----->Router2----->Host3 | | Host2(connected to Router1) Lets say Host1 can Send packet to Host2 But Host1 cannot send packet to Host3. Now with Standard Access List: We cannot apply the list at Router1, since it can only filter based on Source address (of Host1), so it will also deny packet to from Host1-Host2 (which is Not required). So we have to place the Access list on Router2 (near the destination) to only reject packet to Host3, without effecting the communication between Host1-Host2. Extendid Access List: In this case , we can apply the access-list to Router1 (near the soruce) and then create rules to allow Host1-Host2 communication (i.e. filters based on Source\Destination address) But reject Host1-Host3 communication. Now packet to from Host1-Host3 will be recjected at Router1 and we will save Bandwidth between Router1-Rouetr2. Regards \\ Naman > -----Original Message----- > From: SB CH [mailto:[EMAIL PROTECTED] > Sent: Sunday, June 22, 2003 8:51 AM > To: [EMAIL PROTECTED] > Subject: about access-list location? > > > Hello. > > I have a question about the "access-list" of the cisco. > > some say, > extended access list is located near source and > standard access list is located near destination. > > I have no idea why I should like this. > --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. 
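The placement argument in the reply above, worked through as an added example (not part of the original thread). It models the Host1/Host2/Host3 topology with first-match ACLs and an implicit deny at the end; the IP addresses are constructed, and the assumption is that an ACL on a router is checked against every packet that router forwards.

```python
ANY = "any"
# Constructed addresses (assumptions, not from the thread).
HOST1, HOST2, HOST3 = "10.0.1.1", "10.0.2.2", "10.0.3.3"

# Routers each flow traverses: Host2 hangs off Router1, Host3 sits behind Router2.
PATHS = {(HOST1, HOST2): ["Router1"],
         (HOST1, HOST3): ["Router1", "Router2"]}

def standard(action, src):
    """Standard ACL entry: can match on the source address only."""
    return (action, src, ANY)

def extended(action, src, dst):
    """Extended ACL entry: can match on source and destination."""
    return (action, src, dst)

def permits(acl, src, dst):
    """First matching entry wins; no match means implicit deny."""
    for action, s, d in acl:
        if s in (ANY, src) and d in (ANY, dst):
            return action == "permit"
    return False

def send(src, dst, placement):
    """placement maps router name -> ACL.
    Returns (delivered, inter-router links crossed before delivery or drop)."""
    links = 0
    for hop, router in enumerate(PATHS[(src, dst)]):
        if hop > 0:
            links += 1  # packet has crossed the Router1-Router2 link
        acl = placement.get(router)
        if acl is not None and not permits(acl, src, dst):
            return (False, links)
    return (True, links)

STD = [standard("deny", HOST1), standard("permit", ANY)]
EXT = [extended("deny", HOST1, HOST3), extended("permit", ANY, ANY)]

def compare():
    """Outcome of both Host1 flows for each placement discussed in the reply."""
    cases = {"standard@Router1": {"Router1": STD},
             "standard@Router2": {"Router2": STD},
             "extended@Router1": {"Router1": EXT}}
    return {name: {"to_host2": send(HOST1, HOST2, p),
                   "to_host3": send(HOST1, HOST3, p)}
            for name, p in cases.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

Only the extended list at Router1 both keeps Host1-Host2 working and drops Host1-Host3 traffic before it crosses the Router1-Router2 link.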