10 Questions
What is the purpose of the given configuration 'access-list 1 permit 192.168.1.0 0.0.0.255'?
Allow Telnet traffic from 192.168.1.0 network
Why is it advisable to apply standard access lists as close to the destination as possible?
To improve security by filtering traffic early in the network flow
In the given context, what would be the effect of changing 'permit' to 'deny' in the ACL statement?
Block Telnet traffic from all networks except 192.168.1.0
What is the significance of naming access lists instead of using numbers?
To allow for easier editing and management of access lists
How does applying an ACL on a VTY line differ from applying it on an interface?
Applying on VTY line filters only incoming management traffic to the device
What is a key advantage of using named access lists over numbered access lists?
Named access lists offer more flexibility in editing and managing ACL entries
If an explicit deny statement is not included in an extended access list, what will be the default action for traffic not explicitly permitted?
The traffic will be allowed by default
'Access-class 1 in' is applied on which interface line in the provided configuration?
Virtual Terminal (VTY) lines
'Operators eq (equal to), neq (not equal to), lt (less than), gt (greater than)' are used for what purpose in ACLs?
To set conditions for filtering traffic based on port numbers
What is a major advantage of using named access lists over numbered access lists?
Named access lists allow you to add specific remarks or comments next to each entry for better documentation
Study Notes
Access Control Lists (ACLs)
- Access Control Lists (ACLs) are used to filter traffic based on various criteria such as source, destination, protocol, and port number.
Standard Access Lists (SALs)
- SALs have a number range of 1-99.
- They can block a network, host, or subnet.
- They can only block or permit all traffic (two-way communication).
- They are implemented closest to the destination.
- Filtering is done based on only the source IP address.
Extended Access Lists (EALs)
- EALs have a number range of 100-199.
- They can block a network, host, subnet, or service.
- They can block or permit specific services (one-way communication).
- They are implemented closest to the source.
- They check source, destination, protocol, and port number.
Named Access Lists (NALs)
- NALs can be edited.
- They can be used to block specific traffic.
- They can be applied to an interface in either direction (inbound or outbound).
HSRP (Hot Standby Router Protocol)
- HSRP is a solution to traffic shifting issues.
- It generates a virtual gateway with a different IP address.
- It becomes the gateway for all hosts.
Access List Configuration
- Standard Access List creation (the list name is a placeholder to be filled in):
Router(config)#ip access-list standard <name>
- Extended Access List creation (the list name is a placeholder to be filled in):
Router(config)#ip access-list extended <name>
- Applying an Access List to an interface (interface, list identifier and direction are placeholders):
Router(config)#interface <interface>
Router(config-if)#ip access-group <number-or-name> {in | out}
Example of Access List Configuration
- Blocking HTTP traffic from 192.168.1.2 to 192.168.2.2:
R1(config)#access-list 100 deny tcp host 192.168.1.2 host 192.168.2.2 eq 80
- Blocking FTP traffic from 192.168.1.0 to 192.168.2.2:
R1(config)#access-list 100 deny tcp 192.168.1.0 0.0.0.255 host 192.168.2.2 eq 21
- Blocking ICMP traffic from 192.168.1.0 to 192.168.2.3:
R1(config)#access-list 100 deny icmp 192.168.1.0 0.0.0.255 host 192.168.2.3 echo
Editing and Removing Access List Entries
- Editing a Named Access List:
R1(config)#ip access-list extended ABC
- Removing an Access List entry (by its sequence number, from within the named ACL):
R1(config)#ip access-list extended ABC
R1(config-ext-nacl)#no 50 deny icmp 192.168.1.0 0.0.0.255 host 192.168.2.3 echo-reply
Learn about access-list configurations and how to use HSRP as a networking solution. Understand the concept of gateway configurations and how to shift traffic using HSRP in a network setup.