Chp 12 Flashcards
Remember the standard and extended IP access-list number ranges
The number ranges you can use to configure a standard IP access list are 1-99 and 1300-1999. The number ranges for an extended IP access list are 100-199 and 2000-2699.
Understand the term implicit deny
At the end of every access list is an implicit deny. This means that if a packet does not match any of the lines in the access list, it will be discarded. Also, if you have nothing but deny statements in your list, the list will not permit any packets.
Understand the standard IP access-list configuration command
To configure a standard IP access list, use the access-list numbers 1-99 or 1300-1999 in global configuration mode. Choose permit or deny, then choose the source IP address you want to filter on using one of the three techniques covered in this chapter.
Understand the extended IP access-list configuration command
To configure an extended IP access list, use the access-list numbers 100-199 or 2000-2699 in global configuration mode. Choose permit or deny, the Network layer protocol field, the source IP address you want to filter on, the destination address you want to filter on, and finally, the Transport layer port number if TCP or UDP has been specified as the protocol.
Remember the command to verify an access list on a router interface
To see whether an access list is set on an interface and in which direction it is filtering, use the show ip interface command. This command will not show you the contents of the access list, merely which access lists are applied on the interface.
Remember the command to verify the access-list configuration
To see the configured access lists on your router, use the show access-list command. This command will not show you which interfaces have an access list set.