Chapter 4 Access Control List - IPv4 Flashcards

1
Q

What is an Access Control List?

A

An ACL is used to filter packets at an interface. Packet can be incoming or outgoing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Whaat are the two types of ACLs?

A

Standard and Extended

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are some rules for applying acls?

A
  1. you can only have one acl per protocol (IPv4 @ IPv6)
  2. one acl per interface (IN and OUT)
  3. one acl per direction. (gi0/0)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the best practices when implementing standard and extended ACLs

A
  1. Standard ACLs should be located as close to the destination as possible.
    If a standard ACL was placed at the source of the traffic, it would filter traffic based on the given source address no matter where the traffic is destined.
  2. Extended ACLs should be located as close as possible to the source of the traffic to be filtered.
    Denies undesirable traffic close to the source network without crossing the network infrastructure.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How to write a Standard Numbered ACL

A

access-list ACL#{deny|permit|remark} source-IP src-wildcard

access-list 10 permit 192.168.10.0 0.0.0.255

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

How do you add an ACL to an interface

A

you will have to first enter in the interfascce yo want. Then write
ip access-group 1 (in | out)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

How to write a Standard Named ACL?

A

ip access-list standard
(deny | permit | remark) source-ip src-wildcard

Then allow on interface.
int g0/0
ip access-group (IN | OUT)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How to configure an Extended Numbered ACL

A

SYNTAX: access-list ACL#{deny|permit|remark} protocol
sourceIPsource-wildcard[operator [port-number|port-name]]
destIPdest-wildcard[operator [port-number|port-name]]
keyword

ex: access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 80

establish - parameter allows only responses to traffic that originates from the 192.168.10.0/24 network to return to that network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the differences between inbound and outbound ACLs

A

Inbound ACLs operate as follows:
•First ACE match is processed. Remaining ACEs are ignored
•If no statements match then the packet is implicitly denied
•If you require a permit as the default, make the last statement “permit any”

Outbound ACLs operate as follows:
•The router checks the routing table to see if the packet is routable.
•The router checks to see whether the outbound interface is grouped to an ACL.
•If it is, the ACL is tested by the combination of ACEs that are associated with that interface.
•Based on the first ACE match, the packet is permitted or denied.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly