IPv4 ACLs Flashcards
What is an Access Control List (ACL)?
A set of rules that controls network traffic and reduces network attacks
What are the two main types of IPv4 ACLs?
Standard ACLs and Extended ACLs
What do Standard ACLs filter by?
Source IP address only
What range of numbers do Standard ACLs use?
1-99 and 1300-1999
Where should Standard ACLs be placed?
Close to the destination
What command creates a Standard ACL?
access-list [1-99] permit|deny [source] [wildcard]
What command applies a Standard ACL to an interface?
ip access-group <number> in|out
What do Extended ACLs filter by?
Source and destination IP addresses, protocols, and port numbers
What range of numbers do Extended ACLs use?
100-199 and 2000-2699
Where should Extended ACLs be placed?
Close to the source
What command creates an Extended ACL?
access-list 101 deny tcp 192.168.10.0 0.0.0.255 172.16.5.0 0.0.0.255 eq 80
What command applies an Extended ACL to an interface?
ip access-group [number] in|out
What protocol keywords can be used in Extended ACLs?
ip, tcp, udp, icmp, etc.
What does the ‘eq’ keyword specify in an ACL?
A specific port number or service (e.g., eq 80 for HTTP)
What does the wildcard mask in an ACL do?
It specifies which bits of an IP address to ignore in comparisons
What is an implicit deny in ACLs?
A default rule at the end of every ACL that denies all traffic not explicitly permitted
What command shows the applied ACLs and statistics?
show access-lists
How can ACLs affect routing?
They do not affect routing decisions, only packet forwarding through the router
What is the difference between named and numbered ACLs?
Named ACLs use custom names and offer more configuration options
What command starts a named ACL?
ip access-list standard|extended <name>
How do you remove a specific rule from a named ACL?
Use the ‘no’ command followed by the rule
Can ACLs be used for VTY (telnet/SSH) lines?
Yes, to control remote access to the router