Extended ACLs

Question 1

Create an extended ACL entry to permit or deny all traffic:
R1(config-ext-nacl)# […]

Answer 1

{permit | deny} ip any any

Question 2

What is the command to create an extended ACL entry, specifying the protocol, source/destination IP, and source/destination port?
R1(config-ext-nacl)# […]

Answer 2

{permit | deny} protocol src-ip src-port dst-ip dst-port

*src-ip and dst-ip need the host keyword before or a wildcard mask after
*src-port and dst-port need a keyword such as eq before

Question 3

Which command can be used to view which ACLs are applied to an interface?
R1# […]

Answer 3

show ip interface interface-id

Question 4

Which extended ACL entry command option?
[…] matches the specified range of ports.

Answer 4

range lowest-number highest-number

Question 5

Which extended ACL entry command option?
[…] matches all ports except the specified number.

Answer 5

neq port-num

Question 6

Which extended ACL entry command option?
[…] matches all ports less than the specified number.

Answer 6

lt port-num

Question 7

Which extended ACL entry command option?
[…] matches all ports greater than the specified number.

Answer 7

gt port-num

Question 8

Which extended ACL entry command option?
[…] matches a single port.

Answer 8

eq port-num

Question 9

OSPF = IP protocol number […]

Answer 9

89

Question 10

[…] = IP protocol number 89

Answer 10

OSPF

Question 11

EIGRP = IP protocol number […]

Answer 11

88

Question 12

[…] = IP protocol number 88

Answer 12

EIGRP

Question 13

UDP = IP protocol number […]

Answer 13

17

Question 14

[…] = IP protocol number 17

Answer 14

UDP

Question 15

TCP = IP protocol number […]

Answer 15

6

Question 16

[…] = IP protocol number 6

Answer 16

TCP

Question 17

ICMP = IP protocol number […]

Answer 17

1

Question 18

[…] = IP protocol number 1

Answer 18

ICMP

Question 19

Enter extended named ACL config mode:
R1(config)# […]

Answer 19

ip access-list extended {name | number}

Question 20

Configure an extended ACL entry, specifying protocol, source IP, and destination IP:
R1(config-ext-nacl)#

Answer 20

{permit | deny} protocol src-ip dest-ip

(use either host before each IP address for /32, or specify a wildcard mask)

Question 21

Configure an extended ACL entry, specifying protocol, source IP, and destination IP:
R1(config)#

Answer 21

access-list number {permit | deny} protocol src-ip dest-ip

(use either host before each IP address for /32, or specify a wildcard mask)

Question 22

Extended numbered ACL ranges:

Answer 22

100-199, 2000-2699

Question 23

Resequence an ACL:
R1(config)# […]

Answer 23

ip access-list resequence acl-id starting-seq-num increment

Question 24

You [can/can’t] delete individual ACL entries in named ACL config mode.

Answer 24

can

Question 25

You [can/can't] delete individual ACL entries in global config mode.

Answer 25

can't

Question 26

Delete an ACL entry by specifying the sequence number: R1(config-std-nacl)# [...]

Answer 26

no sequence-number