Friday, May 21, 2021

Question about ACLs

Hello

I am currently studying network security and I am wondering something about ACLs. I know what they are and what their intended use is.

I also know that both routers and switches support this feature. Furthermore, I also know that having an extended ACL on an edge router facing the internet has a few benefits, like being able to filter all the traffic, and it can serve to connect a DMZ, for example. And lastly, I understand the general rule that standard ACLs get placed closest to the destination address, and the extended ACLs, since they can filter more traffic due to having more data defined, go closer to the source.

However, I don't really understand when you would use an ACL on a switch as opposed to a router?

I've been told that L3 switches can help routers with security so routers can focus on routing, but apparently ACLs don't affect a router's performance anyway because they're directly configured into the forwarding hardware? Also, leaving a router that connects to the internet with no ACL could leave it exposed to direct attacks on the router?

Can someone clear this up for me? Sorry if my knowledge is not precise; I have only just started to study it.


