Chapter 11 - Access Control Lists Flashcards
What do standard access lists filter on?
Source address only!
What is the number range for standard ACLs?
1-99
1300-1999
What is the number range for extended ACLs?
100-199
2000-2699
When you add a new line to an access list, where is it placed by default?
At the very bottom of the list (just above the implicit deny), so an earlier, broader line can shadow it
When using a wildcard mask, which part of the address is compared if the mask is 0.0.0.255?
The last octet can be anything (wildcard bits set to 1 are "don't care"). Only the first 3 octets are checked for a match.
i.e. 172.25.1.0 0.0.0.255 matches 172.25.1.XXX
What are the two main types of object groups?
Network Object Groups - identify devices by IP address, network, host, or range of hosts.
Service Object Groups - identify a protocol (TCP or UDP) and port, or a collection of ports.
What command would you use to see all the lines of an access-list and check if there are any matches / hits?
show access-lists
or append the name or number of the ACL to show just that list, e.g. show access-lists 10
What command would you use to check to see if an interface has an ACL applied to it?
show ip interface
How do you clear the counters (match counts) on an access list?
clear ip access-list counters
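The cards above describe a handful of rules (standard vs extended number ranges, source-only filtering for standard lists, wildcard-mask matching, top-down first match with new lines landing above the implicit deny, and per-line hit counters). The following is an added example written for this page, not Cisco code: a small Python model of those rules. The Entry, Packet and NumberedACL names and the simplified entry fields are assumptions made here; the addresses used are constructed sample data.

```python
"""Toy model of Cisco IOS numbered-ACL behaviour (added example, not Cisco
code). Entry fields are a simplified form of the IOS access-list line."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

STANDARD_RANGES = [(1, 99), (1300, 1999)]
EXTENDED_RANGES = [(100, 199), (2000, 2699)]
ANY = ("0.0.0.0", "255.255.255.255")   # IOS 'any' is 0.0.0.0 255.255.255.255


def acl_type(number: int) -> str:
    """Standard or extended is decided purely by the number range."""
    if any(lo <= number <= hi for lo, hi in STANDARD_RANGES):
        return "standard"
    if any(lo <= number <= hi for lo, hi in EXTENDED_RANGES):
        return "extended"
    raise ValueError(f"{number} is outside the standard and extended ranges")


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bit 1 = don't care, 0 = must match. With 0.0.0.255 only the
    first three octets are compared, so 172.25.1.0 0.0.0.255 covers 172.25.1.x."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass
class Entry:
    action: str                      # "permit" or "deny"
    src: str                         # source base address
    src_wild: str = "0.0.0.0"        # default 0.0.0.0 is the IOS 'host' match
    proto: str = "ip"                # extended only: ip, tcp, udp, icmp
    dst: str = ANY[0]                # extended only
    dst_wild: str = ANY[1]
    dst_port: Optional[int] = None   # extended only: 'eq <port>'
    matches: int = 0                 # hit counter shown by 'show access-lists'


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dst_port: Optional[int] = None


class NumberedACL:
    def __init__(self, number: int):
        self.number = number
        self.kind = acl_type(number)
        self.entries = []

    def add(self, entry: Entry) -> None:
        """A standard list filters on source only. Every new line is appended
        at the bottom, just above the implicit deny, so order matters."""
        if self.kind == "standard" and (entry.proto != "ip" or entry.dst_port is not None
                                        or (entry.dst, entry.dst_wild) != ANY):
            raise ValueError("standard ACLs filter on source address only")
        self.entries.append(entry)

    def evaluate(self, pkt: Packet):
        """Top-down, first match wins and bumps that line's counter.
        Falling off the end is the implicit deny, which has no counter."""
        for idx, e in enumerate(self.entries):
            if not wildcard_match(pkt.src, e.src, e.src_wild):
                continue
            if self.kind == "extended":
                if e.proto != "ip" and e.proto != pkt.proto:
                    continue
                if not wildcard_match(pkt.dst, e.dst, e.dst_wild):
                    continue
                if e.dst_port is not None and e.dst_port != pkt.dst_port:
                    continue
            e.matches += 1
            return e.action, idx
        return "deny", None

    def clear_counters(self) -> None:   # like 'clear ip access-list counters'
        for e in self.entries:
            e.matches = 0


def demo() -> dict:
    """List 10: a host deny added later sits below the broader permit and never
    fires. List 110: only TCP/443 from 10.0.0.0/8 passes; all else is dropped."""
    acl10 = NumberedACL(10)
    acl10.add(Entry("permit", "172.25.1.0", "0.0.0.255"))
    acl10.add(Entry("deny", "172.25.1.50"))            # shadowed by line 1
    acl110 = NumberedACL(110)
    acl110.add(Entry("permit", "10.0.0.0", "0.255.255.255", "tcp", *ANY, 443))
    return {
        "shadowed_host": acl10.evaluate(Packet("172.25.1.50", "192.0.2.1", "tcp", 22)),
        "other_subnet": acl10.evaluate(Packet("172.25.2.5", "192.0.2.1", "tcp", 22)),
        "https_ok": acl110.evaluate(Packet("10.1.2.3", "203.0.113.10", "tcp", 443)),
        "udp_443": acl110.evaluate(Packet("10.1.2.3", "203.0.113.10", "udp", 443)),
        "tcp_80": acl110.evaluate(Packet("10.1.2.3", "203.0.113.10", "tcp", 80)),
        "acl10": acl10,
    }
```

The "shadowed_host" case is the one to remember when editing a live list: because the new deny was appended below the permit for the whole /24, the host is still permitted, and its counter in show access-lists stays at zero, which is the quickest hint that a line is never reached.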
When you apply an IPv6 ACL to an interface, what kind of traffic is implicitly permitted (even though there is a default implicit deny at the end of the ACL)?
Neighbor Solicitation (NS) packets
Neighbor Advertisement (NA) packets
(these keep IPv6 Neighbor Discovery working; if you add an explicit deny ipv6 any any at the end, the implicit NS/NA permits no longer apply, so permit them explicitly above it)
What keyword is different in IPv6 ACLs when applying a list to an interface?
traffic-filter
for example:
(config-if)#ipv6 traffic-filter LIST_NAME in
What command allows you to view an IPv6 access-list (all of its lines, match counts, etc)?
show ipv6 access-list
(remember just add the “ipv6”)
How do you check to see if an interface has an IPv6 ACL applied?
show ipv6 interface g0/3
(g0/3 can be any interface name)