Access and NAT

Question 1

When does a packet stop within an access list?

Answer 1

first match

Question 2

What rule is at the bottom of every ACL?

Answer 2

implicit deny

Question 3

What are the different types of ACLs?

Answer 3

standard, extended, reflexive

Question 4

Standard ACLs make matches based on what criteria?

Answer 4

source address

Question 5

What kind of lists are Access Control lists?

Answer 5

list of permit and deny statements

Question 6

Extended ACLs make matches based on what criteria?

Answer 6

source/destination address, protocol, source/destination port number

Question 7

What command will allow you to use Named ACLs?

Answer 7

ip access-list

Question 8

Standard access lists can only permit or deny based on the source address. True or false?

Answer 8

True

Question 9

What is the wildcard mask of 192.168.1.0?

Answer 9

0.0.0.255

Question 10

What is the wildcard mask of 10.1.1.1?

Answer 10

0.0.0.0

Question 11

What does permit 0.0.0.0 255.255.255.255 do within an ACL?

Answer 11

permit any

Question 12

What does a sequence number do for the access list?

Answer 12

dictate order of statements

Question 13

What command is used to access an ACL?

Answer 13

ip access-list standard ‘name’

Question 14

What would the command “ip access-list standard INTERNETFILTER” do?

Answer 14

enter configuration for the standard access list named INTERNETFILTER

Question 15

What would the command “15 deny host 10.1.1.5” do?

Answer 15

deny host 10.1.1.5 with a sequence number of 15

Question 16

What command would be used to allow the ip address of 192.168.1.0?

Answer 16

permit 192.168.1.0 0.0.0.255

Question 17

What command is used to apply an access list?

Answer 17

ip access-group ‘ACL name’ inbound/outbound

Question 18

What is the subnet mask of 192.168.2.0 /25?

Answer 18

255.255.255.128

Question 19

What is the wildcard mask of subnet 255.255.255.128?

Answer 19

255.255.255.127

Question 20

What is the wildcard mask of subnet 255.255.255.32?

Answer 20

255.255.255.223

Question 21

After you have created the ACL on the router, what should you do next if you are using the ACL for security filtering?

Answer 21

Apply it to the corresponding interface

Question 22

When you are applying a standard ACL for security, you should apply it as close to the _____ as possible.

Answer 22

destination

Question 23

What steps would be taken to configure the ACL “FILTER_TELNET” to a vty line for inbound?

Answer 23

line vty 0 4
access-class FILTER_TELNET in

Question 24

What command can be used to show access lists?

Answer 24

show run

Question 25

Port Address Translation allows you to Overload a single ______ IP address.

Answer 25

public

Question 26

How many ports does PAT allow?

Answer 26

Up to 65,536

Question 27

What is static NAT usually used for?

Answer 27

inbound traffic, incoming requests

Question 28

What is dynamic NAT usually used for?

Answer 28

NAT pools for large enterprises

Question 29

What is the command for excluding IP addresses from a DHCP scope?

Answer 29

ip dhcp excluded-address x.x.x.x y.y.y.y

Question 30

What must be configured in order to set up NAT?

Answer 30

ACL

Question 31

What command would be used to setup an ACL named NAT_ADDRESSES?

Answer 31

ip access-list standard NAT-ADDRESSES

Question 32

What two addresses must be configured on a router for NAT?

Answer 32

inside address, outside address

Question 33

What is the command to set an interface as the inside address for NAT?

Answer 33

ip nat inside

Question 34

A router has two interfaces, FastEthernet 0/0 and FastEthernet 0/1. What steps would you take to configure 0/0 as the inside NAT and 0/1 as the outside NAT?

Answer 34

config t
int fa0/0
ip nat inside
exit
ip fa0/1
ip nat outside

Question 35

What does ”inside local” represent on “show ip nat translations” command?

Answer 35

device originating request

Question 36

What command can be used to view NAT translations?

Answer 36

show ip nat translations

Question 37

When creating a NAT pool, what command would you use to create a pool named NAT_POOL?

Answer 37

ip nat pool NAT_POOL x.x.x.x y.y.y.y

Question 38

What command must be done to a NAT source list in order for multiple hosts to use the NAT?

Answer 38

overload

Question 39

When creating a NAT inside, what command is typically used in every instance?

Answer 39

ip nat inside source _____

list, static

Question 40

To configure static NAT to translate traffic from inside the local network to outside the local network, which of the following should be used?

Answer 40

ip nat inside source static x.x.x.x(inside) y.y.y.y(outside)

Question 41

What is the show command for current translations?

Answer 41

show ip nat translations