Chapter 4 Access Control List - IPv4 Flashcards
What is an Access Control List?
An ACL is used to filter packets at an interface. Packets can be incoming or outgoing.
What are the two types of ACLs?
Standard and Extended
What are some rules for applying ACLs?
- You can only have one ACL per protocol (IPv4 or IPv6).
- One ACL per interface (IN and OUT).
- One ACL per direction (e.g., gi0/0).
What are the best practices when implementing standard and extended ACLs?
- Standard ACLs should be located as close to the destination as possible. If a standard ACL were placed at the source of the traffic, it would filter traffic based on the given source address no matter where the traffic is destined.
- Extended ACLs should be located as close as possible to the source of the traffic to be filtered. This denies undesirable traffic close to the source network without it crossing the network infrastructure.
How to write a Standard Numbered ACL?
access-list ACL# {deny | permit | remark} source-IP src-wildcard
access-list 10 permit 192.168.10.0 0.0.0.255
How do you add an ACL to an interface?
You will first have to enter the interface you want. Then write:
ip access-group 1 {in | out}
How to write a Standard Named ACL?
ip access-list standard ACL-name
{deny | permit | remark} source-IP src-wildcard
Then apply it to the interface:
int g0/0
ip access-group ACL-name {in | out}
How to configure an Extended Numbered ACL?
SYNTAX: access-list ACL# {deny | permit | remark} protocol
source-IP source-wildcard [operator [port-number | port-name]]
dest-IP dest-wildcard [operator [port-number | port-name]]
[keyword]
ex: access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 80
established - parameter allows only responses to traffic that originates from the 192.168.10.0/24 network to return to that network.
What are the differences between inbound and outbound ACLs?
Inbound ACLs operate as follows:
• First ACE match is processed. Remaining ACEs are ignored.
• If no statements match, then the packet is implicitly denied.
• If you require a permit as the default, make the last statement "permit any".
Outbound ACLs operate as follows:
• The router checks the routing table to see if the packet is routable.
• The router checks to see whether the outbound interface is grouped to an ACL.
• If it is, the ACL is tested by the combination of ACEs that are associated with that interface.
• Based on the first ACE match, the packet is permitted or denied.