All topics ›
Cisco / Network Engineer ›
ACLs / NAT
ACLs / NAT · Cisco / Network Engineer Standard vs extended ACL — when do you use each?
Standard ACL (1–99 or 1300–1999) — filters by source IP only. Apply close to destination (because filtering only by source means you don't want to block legitimate traffic to other destinations from same source). Extended ACL (100–199 or 2000–2699) — filters by source IP + destination IP + protocol + ports. Apply close to source for efficiency (drops unwanted traffic before it traverses the network). Modern best practice: use named ACLs for both readability.
Want the full explanation? This is the atomic answer suitable for
quick interview prep. For the structured deep-dive — including code samples,
strong-answer vs weak-answer notes, common follow-up questions, and how this fits
the larger cisco / network engineer topic — see the full Q&A on Networkers Home:
→ Cisco / Network Engineer Interview Hub — Full Q&A with deep context
→ Cisco / Network Engineer Interview Hub — Full Q&A with deep context
How Networkers Home prepares students for this kind of question
This question reflects real interview rounds at Bangalore's top enterprise networking and infrastructure teams. Networkers Home's flagship courses include mock interview sessions drilling exactly these question patterns, with feedback from interviewers who have hired for the role.
→ View the complete cisco / network engineer interview prep hub
→ View the related Networkers Home course
→ Book a free career consultation
Related ACLs / NAT questions
ACLs / NAT
Q. Difference between NAT, PAT, and dynamic NAT?
NAT (static) — 1:1 mapping between inside-local and inside-global. Used for servers needing fixed external IPs. Dynamic NAT — pool of inside-global IPs assigned dynamically to inside-local IPs as needed. Once mapping est…
Read full answer →