ACL - configure and verify access control lists. 5.6

Question 1

Propose of ACLs

Answer 1

Controlling which devices have what access to the network.

Question 2

Can ACLs control network traffic

Answer 2

Yes. They can function as a packet filter, instructing the router to permit or discard specific traffic.

Question 3

Where are ACLs configured?

Answer 3

On the router. global config mode.

Question 4

What makes up ACLs

Answer 4

ACEs (Access Control Entries)

Question 5

What are ACEs

Answer 5

Series of permit of deny rules.

Question 6

How do ACLs take effect

Answer 6

Need to be applied to interface.

Question 7

Once the routers finds a match in ACL

Answer 7

It stops looking at other entries in the ACL

Question 8

ACL are applied inbound or outbound.

Answer 8

yes

Question 9

Are ACEs processed in order?

Answer 9

Yes. Top to bottom. once match is found, action is taken. Any remaining processes afterwards are ignored.

Question 10

What is outbound vs inbound

Answer 10

Outbound is interface traffic leaving the router. inbound is the opposite.

Question 11

Maximum of one ACL can be applied to a single interface Per Direction.

Answer 11

Inbound: Maximum one ACL
Outbound: Maximum one ACL

Question 12

Implicit deny

Answer 12

at the end of all ACLs have a implicit deny. Any entry that doesn’t match the configured entry in the ACL, it will deny.

Question 13

what is a Standard ACL

Answer 13

Reference Source IP Address ONLY

Question 14

Two subtypes for Standard ACLs

Answer 14

Standard Numbered ACLs

Standard Named ACLs

Question 15

Extended ACLs

Answer 15

check based on protocol(TCP, UDP), Source/Destination IP, Source/Destinations Ports.

Question 16

Two subtypes for Extended ACLs

Answer 16

Extended Numbered ACLs

Extended Named ACLs

Question 17

numbered ACL’s are identified by

Answer 17

ACL 1, ACL 2, ACL3, ect

Question 18

What is the number range standard ACLs can use?

Answer 18

1-99 and 1300-1999

Question 19

Basic command to configure a standard numbered ACL is

Answer 19

R1(config)# access-list number {deny | permit} ip wildcard-mask

Question 20

what gets rid of implicit deny

Answer 20

R1(config)# access-list 1 permit any
or
R1(config)# access-list 1 permit 0.0.0.0 255.255.255.255

Question 21

can we add comments to ACLs

Answer 21

yes.

R1(config)# access-list 1 remark ## BLOCK SARAH FROM MA##

Question 22

how to show ACLs

Answer 22

do show access-lists
do show access-lists
do show running-config | include access-list

Question 23

how to apply ACL to an interface

Answer 23

R1(config-if)# ip access-group number {in | out}

Question 24

rule of thumb for ACLs

Answer 24

As close to the destination as possible

Question 25

Standard named ACLs

Answer 25

are identified with a name. “block_bob”

Question 26

how to configure standard named ACL config mode?

Answer 26

R1(config0# ip access-list standard acl-name

Question 27

What is ARP??

Answer 27

Layer 2 broadcast

Question 28

What kinds of things do ACLs look at to identify traffic?

Answer 28

Source destinations, IP addresses and port numbers.

Question 29

Are ACLs supported on both routers and switches?

Answer 29

yes

Question 30

Original use of ACLs

Answer 30

a security feature to see what traffic passes through a router.

Question 31

Routers allow all traffic by default?

Answer 31

yes

Question 32

Two other examples of ACLs being used

Answer 32

identify traffic to give better service to in a QOS policy

Identify traffic to translate to a different IP address in a NAT policy.

Question 33

Extended ACL range

Answer 33

100 - 199, 2000-2699

Question 34

Standard Access List Example

Answer 34

access-list 1 deny 10.10.10.10 0.0.0.0

access-list 1 permit 10.10.10.0. 0.0.0.225

Question 35

does extended ACL have a default wildcard mask?

Answer 35

no

Question 36

how to create a named ACL syntax

Answer 36

ip access-list standard jesse-ACL-demo