ACLs for IPv4 Configuration - Module 5

Questions and Answers

All access control lists (ACLs) must be ______.

planned

It is suggested that you use a text ______ and write out the specifics of the policy.

editor

Include ______ to document the ACL.

remarks

Always thoroughly test an ACL to ensure that it correctly applies the desired ______.

policy

Configure a standard IPv4 ACL to secure ______ access.

VTY

Use sequence numbers to edit existing standard ______ ACLs.

IPv4

Configure extended IPv4 ACLs to filter traffic according to networking ______.

requirements

Add the IOS configuration ______ to accomplish those tasks.

commands

A standard ACL can secure remote administrative access to a device using the ______ lines.

vty

The access-class command is used to secure ______ access.

remote administrative

To restrict access to the vty lines, an ACL must be applied to incoming ______.

traffic

The local database entry for users includes a username and ______.

password

After configuring the ACL, it's important to verify the VTY port is ______.

secured

To check ACL statistics, you can use the ______ command.

show access-lists

SSH traffic needs to be ______ for secure VTY access.

permitted

The example demonstrates how to configure an ACL to filter ______ traffic.

vty

The ACL needs to identify which administrative ______ should be allowed remote access.

hosts

R1 is configured to use the local database for ______.

authentication

The current statement must be deleted first with the no 10 ______.

command

Named ACLs can also use sequence ______ to delete and add ACEs.

numbers

An ACE is added to deny hosts ______.

192.168.10.11

The show access-lists command shows statistics for each statement that has been ______.

matched

The deny ACE has been matched ______ times.

20

The permit ACE has been matched ______ times.

64

The implied deny any statement does not display any ______.

statistics

To track how many implicit denied packets have been matched, you must manually configure the ______ command.

deny any

Use the clear access-list ______ command to clear the ACL statistics.

counters

In this Packet Tracer, you will complete the following objectives: Configure Devices and Verify ______.

Connectivity

The established keyword enables inside traffic to exit the inside private network and permits the returning reply traffic to enter the inside private ______.

network

ACL 120 is configured to only permit returning web traffic to the inside ______.

hosts

A match occurs if the returning TCP segment has the ACK or reset (RST) flag bits set, indicating that the packet belongs to an existing ______.

connection

To create a named extended ACL, use the ip access-list ______ configuration command.

extended

The named extended ACL called NO-FTP-ACCESS is created in the named extended ACL ______ mode.

configuration

Extended ACLs can filter on different port number and port name ______.

options

The first ACE uses the www port ______.

name

Both ACEs achieve exactly the same ______.

result

Configuring the port number is required when there is not a specific ______ name listed.

protocol

ACL 110 is applied inbound on the R1 G0/0/0 ______.

interface

The ACL permits both HTTP and ______ traffic.

HTTPS

TCP can also perform basic stateful firewall services using the TCP established ______.

keyword

Extended ACLs can be applied in various ______.

locations

In this example, the ACL filters ______ traffic.

HTTP

The example configures an extended ACL 100 to filter ______ traffic.

HTTP

Study Notes

Module Overview

• Focus on implementing IPv4 Access Control Lists (ACLs) to filter traffic and secure administrative access.

Objectives

• Configure Standard IPv4 ACLs to meet networking requirements.
• Modify existing IPv4 ACLs using sequence numbers.
• Secure Virtual Terminal (VTY) ports with Standard IPv4 ACLs.
• Configure Extended IPv4 ACLs for detailed traffic filtering.

Configure Standard IPv4 ACLs

• Planning is essential: draft policies using a text editor before configuration.
• Use IOS commands to apply configurations following the planned policy.
• Include remarks for documentation purposes.
• Test ACLs thoroughly to ensure proper functionality.
• Modifying ACLs requires deleting the current configuration first with the no {sequence number} command.

Modifying IPv4 ACLs

• Named ACLs can be modified using sequence numbers for adding or deleting Access Control Entries (ACEs).
• Use show access-lists to check statistics of matched entries.
• The implicit deny statement does not display statistics unless manually configured with deny any.

Secure VTY Ports with Standard IPv4 ACL

• Secure remote access to devices using the VTY lines by creating and applying an ACL.
• Example configuration includes user authentication settings and permissions for SSH traffic.
• Verify VTY security through show access-lists to ensure correct restrictions are in place.

Configure Extended IPv4 ACLs

• Extended ACLs filter traffic based on specific protocols and port numbers.
• Example: ACL can filter HTTP and HTTPS traffic using both protocol names (like www) and port numbers (like 80).
• Generally applied close to the source of traffic for effectiveness.

TCP Established Extended ACL

• Allows stateful firewall functions with the TCP established keyword, permitting replies to outgoing requests while blocking unsolicited inbound traffic.
• Example involves configuring an ACL to allow only returning web traffic from the internet to internal hosts, based on TCP flags.

Named Extended IPv4 ACL

• Use descriptive naming for easy identification of ACL functions.
• Create named extended ACLs with the command ip access-list extended {name}.
• Enter ACE statements in the named ACL configuration mode for clarity.

Additional Practical Applications

• Named extended ACLs can manage multiple types of traffic through specific configurations like SURFING, which allows HTTP and HTTPS traffic to exit while restricting FTP access.

Description

This quiz covers the objectives and configurations related to IPv4 Access Control Lists (ACLs) as part of the Enterprise Networking, Security, and Automation curriculum. Gain a deeper understanding of how to implement ACLs to filter traffic and secure administrative access effectively.