Access Control List (ACLs)

Question 1

An ACL identifies traffic based on characteristics
of the packet that’s going to go through the router such as its ______ and ________ IP address, and ______ number

Answer 1

Source, destination, port

Question 2

What is the structure of a Access Control Entry

Answer 2

The access-list number
action (permit or deny)
protocol (TCP, UDP, ICMP)
Source Info (IP, Wildcard, qualifier, port)
Destination Info (IP wildcard, qual, port)

Question 3

What are the different types of qualifiers in an ACE

Answer 3

Greater than, less than, or equal to

Question 4

What do these ACLs mean?
R1(config)# access-list 1 deny 10.10.10.10 0.0.0.0
R1(config)# access-list 1 permit 10.10.10.0 0.0.0.255

Answer 4

It is denying the host with IP 10.10.10.10 but permitting all other IPs in that subnet

Question 5

What is the command to view your ACL list?

Answer 5

show access-list # (i.e. 100)

Question 6

What does ACE stand for

Answer 6

Access Control Entries

Question 7

What order do you want your ACL to go?

Answer 7

most specific entries at the top of the list.
Less specific down near the bottom

Question 8

You create ACEs on the ______ interface but apply the ACL on individual _________

Answer 8

Global, ports (whether in or out)

Question 9

What do these commands do?
access-list 1 deny 10.0.2.0 0.0.0.255
access-list 1 permit 10.0.1.0 0.0.0.255
int f0/0
ip access-group 1 out

Answer 9

denies traffic from 10.0.2.0/24 subnet and permits all traffic from 10.0.1.0/24 in int f0/0 outbound