Some general guidelines to consider when using ACLs
- Only one ACL is allowed per interface, per protocol, per direction. A single device can hold multiple ACLs, but an interface can have a maximum of two ACLs: one inbound and one outbound.
- Because an ACL is processed from top to bottom and processing stops at the first matching entry, the order of the ACEs needs to be planned, with the most restrictive entries at the top.
- In newer versions of IOS, the sequencing function makes it possible to insert an ACE between existing entries of an ACL.
- Implicit deny: every ACL ends with an implicit deny, so an ACL must have at least one permit statement to avoid blocking all traffic.
- An egress (outbound) ACL checks only the traffic passing through the router, not the traffic originated by the router itself.
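
The ordering, sequencing and implicit-deny rules above, modelled as an added example (not Cisco code and not from the original page). It simplifies an ACE to a source and a destination network; `Ace`, `evaluate` and `shadowed` are hypothetical names and all addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    seq: int      # sequence number; lower numbers are evaluated first
    action: str   # "permit" or "deny"
    src: str      # source network, CIDR notation
    dst: str      # destination network, CIDR notation

def _net(cidr):
    return ipaddress.ip_network(cidr)

def ordered(acl):
    """Return the ACEs in evaluation order (ascending sequence number)."""
    return sorted(acl, key=lambda a: a.seq)

def evaluate(acl, src_ip, dst_ip):
    """First match wins; if nothing matches, the implicit deny applies."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in ordered(acl):
        if s in _net(ace.src) and d in _net(ace.dst):
            return ace.action, ace.seq
    return "deny", None  # implicit deny: no ACE matched

def shadowed(acl):
    """Sequence numbers of ACEs that can never match because a single
    earlier ACE already covers their whole source and destination range."""
    hits, seen = [], []
    for ace in ordered(acl):
        if any(_net(ace.src).subnet_of(_net(e.src)) and
               _net(ace.dst).subnet_of(_net(e.dst)) for e in seen):
            hits.append(ace.seq)
        seen.append(ace)
    return hits

# Constructed sample: the broad permit at 10 hides the restrictive deny at 20.
BAD = [Ace(10, "permit", "10.0.0.0/8", "0.0.0.0/0"),
       Ace(20, "deny", "10.1.1.0/24", "192.0.2.0/24")]
# Corrected with sequencing: the deny is inserted at 5, ahead of the permit.
GOOD = [Ace(10, "permit", "10.0.0.0/8", "0.0.0.0/0"),
        Ace(5, "deny", "10.1.1.0/24", "192.0.2.0/24")]

if __name__ == "__main__":
    for name, acl in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, evaluate(acl, "10.1.1.7", "192.0.2.50"), shadowed(acl))
    print("no match:", evaluate(GOOD, "172.16.0.1", "192.0.2.50"))
```

`shadowed` only reports an entry hidden by one earlier entry; an ACE covered by a combination of several earlier entries is not detected by this simplified check.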