Access and NAT Flashcards
When does a packet stop within an access list?
first match
What rule is at the bottom of every ACL?
implicit deny
What are the different types of ACLs?
standard, extended, reflexive
Standard ACLs make matches based on what criteria?
source address
What kind of lists are Access Control lists?
list of permit and deny statements
Extended ACLs make matches based on what criteria?
source/destination address, protocol, source/destination port number
What command will allow you to use Named ACLs?
ip access-list
Standard access lists can only permit or deny based on the source address. True or false?
True
What is the wildcard mask of 192.168.1.0?
0.0.0.255
What is the wildcard mask of 10.1.1.1?
0.0.0.0
What does permit 0.0.0.0 255.255.255.255 do within an ACL?
permit any
What does a sequence number do for the access list?
dictate order of statements
What command is used to access an ACL?
ip access-list standard ‘name’
What would the command “ip access-list standard INTERNETFILTER” do?
enter configuration for the standard access list named INTERNETFILTER
What would the command “15 deny host 10.1.1.5” do?
deny host 10.1.1.5 with a sequence number of 15
What command would be used to allow the ip address of 192.168.1.0?
permit 192.168.1.0 0.0.0.255
What command is used to apply an access list?
ip access-group ‘ACL name’ inbound/outbound
What is the subnet mask of 192.168.2.0 /25?
255.255.255.128
What is the wildcard mask of subnet 255.255.255.128?
255.255.255.127
What is the wildcard mask of subnet 255.255.255.32?
255.255.255.223
After you have created the ACL on the router, what should you do next if you are using the ACL for security filtering?
Apply it to the corresponding interface
When you are applying a standard ACL for security, you should apply it as close to the _____ as possible.
destination
What steps would be taken to configure the ACL “FILTER_TELNET” to a vty line for inbound?
line vty 0 4 access-class FILTER_TELNET in
What command can be used to show access lists?
show run
Port Address Translation allows you to Overload a single ______ IP address.
public
How many ports does PAT allow?
Up to 65,536
What is static NAT usually used for?
inbound traffic, incoming requests
What is dynamic NAT usually used for?
NAT pools for large enterprises
What is the command for excluding IP addresses from a DHCP scope?
ip dhcp excluded-address x.x.x.x y.y.y.y
What must be configured in order to set up NAT?
ACL
What command would be used to setup an ACL named NAT_ADDRESSES?
ip access-list standard NAT-ADDRESSES
What two addresses must be configured on a router for NAT?
inside address, outside address
What is the command to set an interface as the inside address for NAT?
ip nat inside
A router has two interfaces, FastEthernet 0/0 and FastEthernet 0/1. What steps would you take to configure 0/0 as the inside NAT and 0/1 as the outside NAT?
config t int fa0/0 ip nat inside exit ip fa0/1 ip nat outside
What does ”inside local” represent on “show ip nat translations” command?
device originating request
What command can be used to view NAT translations?
show ip nat translations
When creating a NAT pool, what command would you use to create a pool named NAT_POOL?
ip nat pool NAT_POOL x.x.x.x y.y.y.y
What command must be done to a NAT source list in order for multiple hosts to use the NAT?
overload
When creating a NAT inside, what command is typically used in every instance?
ip nat inside source _____
list, static
To configure static NAT to translate traffic from inside the local network to outside the local network, which of the following should be used?
ip nat inside source static x.x.x.x(inside) y.y.y.y(outside)
What is the show command for current translations?
show ip nat translations
