ICND1 Section 6 - IP Services - ACLs Flashcards

1
Q

What are the ranges for standard ACLs?

A

1-99

1300-1999

2
Q

Syntax for an extended numbered ACL

A

access-list access-list-number {deny | permit} protocol source IP wildcard mask destination IP wildcard mask [log]

3
Q

3 primary differences that named ACLs have vs numbered

A
  1. Names instead of numbers
  2. Uses ACL subcommands vs global commands to define the ACL
  3. ACL editing allows users to edit, delete, and add individual lines
4
Q

Command to delete a line from a numbered ACL with sequence numbers.

A

conf t
ip access-list {standard | extended} number
no seq number

5
Q

Syntax to assign an ACL to a vty

A

access-class number {in | out}

6
Q

Command to set a router to use an NTP server

A

conf t

ntp server server {version version}

7
Q

2 commands to see how NTP is working on a router

A

show ntp status

show ntp associations

8
Q

What does “inside local” refer to?

A

Private IPs used in NAT

9
Q

What does “inside global” refer to?

A

Public IPs used in NAT

10
Q

3 steps to configure a router to do static NAT

A
  1. Set up an interface as inside local
  2. Set up an interface as inside global
  3. Create a mapping between inside and outside IPs
11
Q

Command to make an inside NAT interface

A

conf t
int gi0/0
ip nat inside

12
Q

Command to make an outside NAT interface

A

conf t
int gi0/1
ip nat outside

13
Q

TCP version of an extended ACL

A

access-list access-list-number {deny | permit} tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [log]

14
Q

Command to create a static NAT mapping

A

ip nat inside source static inside local inside global

15
Q

Command to see static NAT mappings

A

show ip nat translations

16
Q

5 steps to configuring dynamic NAT

A
  1. Set an interface to inside
  2. Set an interface to outside
  3. Create ACL for the inside interface which identifies packets for which NAT should be performed
  4. Create a pool of global IPs for use in NAT
  5. Bind the ACL and the pool together, enabling dynamic NAT
17
Q

Command to create an IP address pool for use with NAT

A

ip nat pool name first IP last IP netmask subnet mask

18
Q

Command to bind pool and ACL together to enable dynamic NAT

A

ip nat inside source list ACL # pool pool name

19
Q

Command to clear the NAT translation table

A

clear ip nat translation *

20
Q

2 variations to enable PAT

A

ip nat inside source list ACL # interface interface overload
ip nat inside source list ACL # pool pool name overload

21
Q

If an ACL omits the wildcard mask, what is the implied mask?

A

0.0.0.0

22
Q

What are the ranges for extended ACLs?

A

100 - 199

2000 - 2699

23
Q

Syntax for a standard numbered ACL

A

access-list {1-99 | 1300-1999} {permit | deny} [subnet wildcard mask | any ]

24
Q

Operational command to see:

- IPv4 ACLs
- All ACLs
A

show ip access-lists

show access-list

25
Q

Command to see access list application status on an interface

A

show ip interface interface

26
Q

Keyword to add to an ACL to help keep track of its activity

A

log

27
Q

Keyword to run an operational command from inside of config mode

A

do

28
Q

What are the 3 types of ACLs?

A

Standard
Extended
Named

29
Q

Are named ACLs standard or extended?

A

Either, depends on how they are configured

30
Q

What is the difference between standard and extended ACLs?

A
Standard ACLs filter on source address
Extended ACLs filter on:
    Source and Dest IP
    Source and Dest Port
    Other criteria
31
Q

What do extended ACLs filter on?

A

Source & Dest. IP
Source & Dest. Port
Others

32
Q

Command to implement an ACL on an interface

A

ip access-group number {in | out}

33
Q

ACL keyword that means “0.0.0.0” wildcard

A

host

34
Q

ACL keyword that means 0.0.0.0 255.255.255.255

A

any

35
Q

ACL keywords for
greater than
less than
equal to

A

gt
lt
eq

36
Q

Command to apply an ACL to an interface

A

conf t
interface gi1/0
ip access-group ACL # in | out

37
Q

Command to instantiate a named ACL

A

ip access-list {standard | extended} name

38
Q

If a numbered ACL doesn’t use sequence numbers, how would a user remove one of its lines?

A

They can’t. The ACL must be deleted and re-added entirely.

39
Q

What effect does the log keyword have on an ACL?

A

It sends messages to the log file about the activity pertinent to that line in the ACL

40
Q

Command to set a static translation

A

ip nat inside source static inside local IP inside global IP

41
Q

Command to set an inside local interface

A

conf t
interface interface
ip nat inside

42
Q

Command to set an inside global interface

A

conf t
interface interface
ip nat outside

43
Q

When doing static NAT, how many lines are needed to set up the mappings?

A

1 line per inside local IP that will be used.