ccent set 6
Terms in this set (23)
6 types of IP access lists
how are access lists processed?
evaluate one statement at a time
what is at the end of access list?
implicit deny any packet
what criteria do standard IP access lists use to filter packets?
by source IP address
what criteria do extended IP access lists use to filter packets?
combo of source address, destination address, and protocols
what are the number ranges that define standard and extended IP access lists?
standard IP: 1 to 99 and 1300 to 1999
extended IP: 100 to 199 and 2000 to 2699
what are reflexive access lists?
allow IP packets to be filtered based on upper-layer session information.
what are dynamic access lists?
dynamically create access list entries on the router to allow a user who has authenticated to the router through Telnet to access resources
what are time-based access lists?
enhancement to extended access lists that additionally consider the time of day
what two ways can IP access lists be applied to an interface?
inbound (more effective)
how to apply access list to an interface?
Only one access list per protocol, per direction, per interface.
Multiple access lists are permitted per interface, but they must be for different protocols or applied in different directions
2 things you need to do to activate an access list
1. create the access list
2. apply or reference the access list
what things should be considered when configuring access lists?
1. ACL type (standard or extended)
2. only one ACL per interface, per protocol, per direction is allowed
4. every ACL needs at least one permit statement because of the implicit "deny any any" at the end of ACL
5. extended close to the source
6. standard close to the destination
Command to create a standard IP access list
access-list (number) (permit/deny) source-address wildcard-mask
example: RouterA(config)# access-list 10 deny 192.168.0.0 0.0.0.255
what are wildcard masks?
it defines which of the 32 bits to look at. 0 means look. 255 means don't look.
what is the Cisco IOS command syntax that creates an extended access list?
access-list number permit/deny protocol source-address wildcard-bits [operator port] destination-address wildcard-bits [operator port]
access-list 100 deny ip host 172.16.0.2 any
access-list 100 permit ip any any
it denies all traffic from host 172.16.0.2 and permits all other traffic.
after creating a standard or extended IP access list, how do you apply it to an interface?
ip access-group access-list-number in/out
what IOS commands will create an extended access list that denies web traffic to network 192.168.10.0/24?
access-list 101 deny tcp any 192.168.10.0 0.0.0.255 eq www
access-list 101 permit ip any any
create a named access list that only blocks pings from network 172.16.0.0/22 to host 192.168.0.101
ip access-list extended block-ping
deny icmp 172.16.0.0 0.0.3.255 host 192.168.0.101 echo
permit ip any any
a shortcut to find the wildcard mask is?
subtract the subnet mask from 255.255.255.255
Command that displays all the configured access lists.
or show access-list
command that shows whether an IP access list is applied to an interface
show ip interface interface-type interface-number