Volume 2 - Chapter 6: Basic IPv4 Access Control Lists Flashcards
What is the range of values for a standard numbered ACL?
1 to 99
1300 to 1999 (additional ACL numbers)
What is the range of values for an extended numbered ACL?
100 to 199
2000 to 2699 (additional ACL numbers)
An access list where additional lines are added through a global command is referred to as what?
Numbered ACLs
An access list where additional lines are added under an ACL subcommand is referred to as what?
Named ACLs
Describe the difference between standard and extended ACLs.
Standard ACLs only match the source IP address.
Extended ACLs can match a large variety of criteria such as source IPs, destination IPs, source ports, destination ports, and others.
A network engineer wants to create an ACE entry to permit a single IP address of 10.3.75.4.
What are the 3 ways that this can be configured on a standard numbered access list?
access-list 1 permit 10.3.75.4
access-list 1 permit 10.3.75.4 0.0.0.0
access-list 1 permit host 10.3.75.4
A network engineer enters the following command:
access-list 1 permit 172.21.240.5 0.0.0.0
What will the engineer see when reviewing the current running configuration using “show run”?
The configuration that will appear is the following:
access-list 1 permit 172.21.240.5
By default, Cisco devices simplify the access list to remove the wildcard mask.
A network engineer enters the following command:
access-list 1 permit host 172.21.240.5
What will the engineer see when reviewing the current running configuration using “show run”?
The configuration that will appear is the following:
access-list 1 permit 172.21.240.5
By default, Cisco devices simplify the access list to remove the “host” portion.
What is the format for a standard numbered ACL command?
access-list number permit/deny source source-wildcard
A network engineer wants to add an additional ACE to block the source subnet of 192.168.48.0/20.
What is the command required to configure this?
access-list 1 deny 192.168.48.0 0.0.15.255
Access-list 5 has been configured and needs to be enabled inbound on interface Gi0/0/0.
What is the command required to configure this?
interface Gi0/0/0
ip access-group 1 in
What is the difference in output between the following commands?
show ip access-list
show access-list
“show ip access-list” only shows details about IPv4 access lists.
“show access-list” shows details about both IPv4 and IPv6 access lists.
What command can be used to clear the current counters for all configured ACLs?
clear ip access-list counters