Access-list

---

Hello,

I would like to know the benefit of applying an access to a switch instead of applying it to a router?
I understand it can only block IN, but wouldn't that be a better choice instead of using a router?

@John-Martin said in Access-list:

Hello,

I would like to know the benefit of applying an access to a switch instead of applying it to a router?

On switches you can run two types of ACLs:

1. IP address ACLs
2. MAC address ACLs
   If you need to control access between devices within the same subnet (or VLAN) for example.

I understand it can only block IN, but wouldn't that be a better choice instead of using a router?

It depends on what you need. the ACL on routers is normally between VLANs or other networks. So each has it's place. Also, it depends on the level of granularity needed.

Configuring on both may be needed but can cause confusion if you don't remember that ACLs have been configured on both.