Cisco 2 Chapter 9

access-list 1 permit host 192.168.10.10

use a keyword to write this ACL better: access-list 1 permit 192.168.10.10 0.0.0.0

router

A ___________ acts as a packet filter when it forwards or denies packets according to filtering rules.

False

A standard ACL cannot be used to filter incoming or outgoing Telnet/SSH

access control list

ACL (expand)

One ACL per interface

ACLs control traffic for an interface

One ACL per direction

ACLs control traffic in one direction at a time on an interface. Two separate ACLs must be created to control inbound and outbound traffic.

access control entries

An ACL is a sequential list of permit or deny statements, known as ________ _______ _______ (ACEs)

True

Answer true if the following statements correspond to General Guidelines for creating ACLs: - Use ACLs in firewall routers - Use ACLs on a router in between two parts of your network - Configure ACLs on border routers - Configure ACLs for each network protocol on the border router interfaces

specific, general

Entering ACL entries should be ____________ to _________________ since the order in which the statements are entered is important (Internal Logic)

false

Extended ACLs only examine the source IPv4 address. The destination of the packet and the ports involved are not considered. True or False

True

If an inbound packet matches an ACL statement with a permit, it is sent to be routed. True or false

False

If there is an ACL on the outbound interface, it is automatically sent to that interface. True or false

extended

Locate _________ ACLs as close as possible to the source of traffic to be filtered

True

Named ACLs can contain alphanumeric characters, and it is suggested that the name be written in CAPITAL LETTERS

False

Named ACLs can contain spaces or punctuation

100 to 199, 2000 to 2699

Numbered ACL: Extended IP ranges Format: _____ to _____, _______ to ________

1 to 99, 1300 to 1999

Numbered ACL: Standard IP ranges Format: _____ to _____, _______ to ________

standard

Place __________ ACLs as close to the destination as possible

Wildcard mask

Reverse of subnet mask; Uses bit 0 - Match the corresponding bit value in the address.; Uses bit 1 - Ignore the corresponding bit value in the address.; Also referred to as Inverse Mask

implicit deny

What is always the last statement of an ACL? It is automatically inserted at the end of each ACL even though it is not physically present.

blocks

The implicit deny ___________ all traffic

One ACL per protocol

To control traffic flow on an interface, an ACL must be defined for each protocol enabled on the interface.

False

True or False: This is a valid Extended IPv4 ACL command: access-list 114 permit any tcp 192.168.20.0 0.0.0.255 eq 23

Inbound, Outbound

Two types of ACL logic

Standard, Extended

Two types of Cisco IPv4 ACLs

Numbering, Naming

Two ways to identify (classify) ACLs

0.0.0.255

Wildcard Mask of the subnet mask 255.255.255.0

True

You can create a named standard ACL by: ip access-list [standard / extended] name True or False

Extended ACLs

_____________ can filter on: - Source address - Destination address - Protocol - Port numbers

Packet Filtering

____________________ sometimes called static packet filtering, controls access to a network by analyzing the incoming and outgoing packets and passing or dropping them based on given criteria, such as the source IP address, destination IP addresses, and the protocol carried within the packet.

access-class

command used to filter incoming or outgoing Telnet/SSH sessions by source address

ip access-group

command used to link a configured ACL to an interface

no access-list

command used to remove the ACL

show access-lists

command used to show access lists configured on the device

show ip interface

command used to verify ACLs

Extended ACLs

filter IP packets based on several attributes: - Source and destination IP addresses - Source and destination TCP and UDP ports - Protocol type / protocol number

Standard ACLs

filter IP packets based on the source address only

remark

keyword used for documentation and makes access lists a great deal easier to understand

established

keyword used only to allow ip traffic that has already been confirmed (one word)

host

keyword used to abbreviate the wildcard mask of 0.0.0.0

any

keyword used to abbreviate the wildcard mask of 255.255.255.255

eq

keyword used to determine the port number or name in an extended ACL (two letters)

no ip access-group

to remove an ACL from an interface

