The application of ACLs

A packet travels the following route through the router:
  1. The packet arrives at the entrance of the router.

  2. The router makes a forwarding decision regarding the packet.

  3. The packet exits the router.

Apply ACLs at the entrance and exit of the router, but not in the middle of the router where the router makes forwarding decisions. ACLs you apply as the packet arrives at the router are called inbound filters, and ACLs you apply as the packet leaves the router are called outbound filters.

You can configure an ACL to do one of the following:
  • Allow only certain types of traffic to pass through the router, but deny all other traffic.

  • Deny certain types of traffic from passing through the router, but allow all other types of traffic.