ICND1 Section 6 - IP Services - ACLs

Question 1

What are the ranges for standard ACLs?

Answer 1

1-99

1300-1999

Question 2

Syntax for an extended numbered ACL

Answer 2

access-list access-list-number {deny | permit} protocol source IP wildcard mask destination IP wildcard mask [log]

Question 3

3 primary differences that named ACLs have vs numbered

Answer 3

1. Names instead of numbers
2. Uses ACL subcommands vs global commands to define the ACL
3. ACL editing allows users to edit delete and add individual lines

Question 4

Command to delete a line from a numbered ACL with sequence numbers.

Answer 4

conf t
ip access-list {standard | extended} number
no seq number

Question 5

Syntax to assign an ACL to a vty

Answer 5

access-class number {in | out}

Question 6

Command to set a router to use an NTP server

Answer 6

conf t

ntp server server {version version}

Question 7

2 commands to see how NTP is working on a router

Answer 7

show ntp status

show ntp associations

Question 8

What does “inside local” refer to?

Answer 8

Private IP’s used in NAT

Question 9

What does “inside global” refer to?

Answer 9

Public IP’s used in NAT

Question 10

3 steps to configure a router to do static NAT

Answer 10

1. Set up an interface as inside local
2. Set up an interface as inside global
3. Create a mapping between inside and outside IP’s

Question 11

Command to make an inside NAT interface

Answer 11

conf t
int gi0/0
ip nat inside

Question 12

Command to make an outside NAT interface

Answer 12

conf t
int gi0/1
ip nat outside

Question 13

TCP version of an extended ACL

Answer 13

access-list access-list-number {deny | permit}tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [log]

Question 14

Command to create a static NAT mapping

Answer 14

ip nat inside source static inside local inside global

Question 15

Command to see static NAT mappings

Answer 15

show ip nat translations

Question 16

5 steps to configuring dynamic NAT

Answer 16

1. Set an interface to inside
2. Set an interface to outside
3. Create ACL for the inside interface which identifies packets for which NAT should be performed
4. Create a pool of global IP’s for use in NAT
5. Bind the ACL and the pool together, enabling dynamic NAT

Question 17

Command to create an IP address pool for use with NAT

Answer 17

ip nat pool name first IP last IP netmask subnet mask

Question 18

Command to bind pool and ACL together to enable dynamic NAT

Answer 18

ip nat inside source list ACL # pool pool name

Question 19

Command to clear the NAT translation table

Answer 19

clear ip nat translation *

Question 20

2 variations to enable PAT

Answer 20

ip nat inside source list ACL # interface interface overload
ip nat inside source list ACL # pool pool name overload

Question 21

If an ACL omits the wildcard mask, what is the implied mask?

Answer 21

0.0.0.0

Question 22

What are the ranges for extended ACLs?

Answer 22

100 - 199

2000 - 2699

Question 23

Syntax for a standard numbered ACL

Answer 23

access-list {1-99 | 1300-1999} {permit | deny} [subnet wildcard mask | any ]

Question 24

Operational command to see:

- IPv4 ACLs
- All ACLs

Answer 24

show ip access-lists

show access-list

Question 25

Command to see access list application status on an interface

Answer 25

show ip interface *interface*

Question 26

Keywork to add to an ACL to help keep track of it's activity

Answer 26

log

Question 27

Keyword to run an operational command from inside of config mode

Answer 27

do

Question 28

What are the 3 types of ACLs?

Answer 28

Standard Extended Named

Question 29

Are named ACLs standard or extended?

Answer 29

Either, depends on how they are configured

Question 30

What is the difference between standard and extended ACLs?

Answer 30

``` Standard ACLs filter on source address Extended ACLs filter on: Source and Dest IP Source and Dest Port Other criteria ```

Question 31

What do extended ACLs filter on?

Answer 31

Source & Dest. IP Source & Dest. Port Others

Question 32

Command to implement an ACL on an interface

Answer 32

ip access-group *number* {in | out}

Question 33

ACL keyword that means "0.0.0.0" wildcard

Answer 33

host

Question 34

ACL keyword that means 0.0.0.0 255.255.255.255

Answer 34

any

Question 35

ACL keywords for greater than less than equal to

Answer 35

gt lt eq

Question 36

Command to apply an ACL to an interface

Answer 36

conf t interface gi1/0 ip access-group *ACL #* *in | out*

Question 37

Command to instantiate a named ACL

Answer 37

ip access-list {standard | extended} *name*

Question 38

If a numbered ACL doesn't use sequence numbers, how would a user remove one of it's lines?

Answer 38

They can't. The ACL must be deleted and re-added entirely.

Question 39

What effect does the log keyword have on an ACL?

Answer 39

It sends messages to the log file about the activity pertinent to that line in the ACL

Question 40

Command to set a static translation

Answer 40

ip nat inside source static *inside local IP* *inside global IP*

Question 41

Command to set an inside local interface

Answer 41

conf t interface *interface* ip nat inside

Question 42

Command to set an inside global interface

Answer 42

conf t interface *interface* ip nat outside

Question 43

When doing static NAT, how many lines are needed to set up the mappings?

Answer 43

1 line per inside local IP that will be used.