Network Security: Extended ACLs Overview

Created by
@TopnotchPhosphorus

Questions and Answers

Extended ACLs permit or deny packets based on the source ______ address and destination IPv4 address.

IPv4

Numbered ACLs numbered 1-99, or 1300-1999 are standard ACLs, while ACLs numbered ______-199, or 2000-2699 are extended ACLs.

100

The ______ method to configure ACLs is using named ACLs, which provide better information about their purpose.

preferred

For example, naming an extended ACL ______-FILTER is far better than having a numbered ACL.

FTP

The ______ command is used to create a named ACL in global configuration mode.

ip access-list

R1(config-ext-nacl)# permit tcp ______ 0.0.0.255 any eq ftp

192.168.10.0

Standard ACLs can be numbered 1-99, while extended ACLs use numbers ______ to 199.

100

ACLs can filter packets based on various factors including protocol type, source and destination ______ ports.

TCP/UDP

To permit all hosts in the 192.168.16.0/24 to 192.168.31.0/24 networks, the wildcard mask is ______.

0.0.15.255

The resulting ACE in ACL 10 for the wildcard mask would be access-list 10 permit 192.168.16.0 ______.

0.0.15.255

To calculate the wildcard mask, subtract the subnet mask from ______.

255.255.255.255

For the 192.168.3.0/24 network, the subnet mask used is ______.

255.255.255.0

The wildcard mask calculated for 192.168.3.0/24 is ______.

0.0.0.255

For 14 users in the subnet 192.168.3.32/28, the wildcard mask calculated is ______.

0.0.0.15

The subnet mask for 192.168.3.32/28 is ______.

255.255.255.240

The ACE for the 192.168.3.32 subnet with the wildcard mask would be access-list 10 permit 192.168.3.32 ______.

0.0.0.15

The placement of the ACL may depend on the extent of organizational ______.

control

The binary representation of the wildcard mask 0.0.15.255 is ______.

00000000.00000000.00001111.11111111

The bandwidth of the ______ can also influence the placement of ACLs.

networks

ACE stands for ______ in the context of access control lists.

Access Control Entry

Ease of ______ is a consideration when placing an access control list.

configuration

One type of ACL is known as a ______ ACL.

standard

Another type of ACL is referred to as an ______ ACL.

extended

The administrator wants to prevent traffic originating in the 192.168.10.0/24 network from reaching the 192.168.30.0/24 network by placing a standard ACL on router ______.

R3

The standard ACL can be applied inbound on the R3 ______ interface to deny traffic from the 192.168.10.0/24 network.

S0/1/1

Applying the ACL to the S0/1/1 interface would also filter traffic to the 192.168.______.0/24 network.

31

The standard ACL should not be applied to the R3 S0/1/1 interface because it would affect traffic to the 192.168.31.0/24 network and is not the ______ placement.

correct

The best interface to apply the standard ACL on R3 is the ______ interface.

G0/0

Applying the standard ACL outbound on the R3 G0/0 interface ensures that packets from the 192.168.10.0/24 network will still be able to reach the 192.168.______.0/24 network.

31

In the context of placing a standard ACL, ______ refers to the direction traffic is evaluated, whether inbound or outbound.

direction

Standard ACLs are used primarily to filter traffic based on ______ addresses.

source

The goal of applying an ACL is to manage and control ______ between different networks.

traffic

There are two possible interfaces on R3 where the standard ACL can be applied, one being S0/1/1 and the other being ______.

G0/0

A shortcut to calculating a wildcard mask is to subtract the subnet mask from ______.

255.255.255.255

Standard ACLs permit or deny packets based only on the source ______ address.

IPv4

Extended ACLs permit or deny packets based on the source and destination IPv4 address, ______ type, and other criteria.

protocol

ACLs numbered 1-99, or 1300-1999, are classified as ______ ACLs.

standard

Named ACLs are the preferred method when configuring ______.

ACLs

Extended ACLs should be located as close as possible to the ______ of the traffic to be filtered.

source

Standard ACLs should be located as close to the ______ as possible.

destination

ACLs do not have to be configured in both ______.

directions

Every ACL should be placed where it has the greatest impact on ______.

efficiency

Working with decimal representations of binary wildcard mask bits can be simplified by using the Cisco IOS keywords ______ and any.

host

Study Notes

Extended ACLs

  • Permit or deny packets based on source and destination IPv4 addresses, protocol type, and TCP or UDP ports.

Types of IPv4 ACLs

  • Numbered ACLs:
    • Standard ACLs use numbers 1-99 or 1300-1999.
    • Extended ACLs use numbers 100-199 or 2000-2699.
  • Named ACLs:
    • Preferred configuration method for clarity and management.
    • Naming provides context (e.g., FTP-FILTER) versus numeric IDs.

Wildcard Masks

  • Used to define IPv4 address ranges in ACLs.
  • Example for a range: To permit hosts from 192.168.16.0 to 192.168.31.0, use wildcard mask 0.0.15.255.
  • Wildcard mask calculation: Subtract subnet mask from 255.255.255.255.
    • For network 192.168.3.0/24 → wildcard mask = 0.0.0.255.
    • For subnet 192.168.3.32/28 → wildcard mask = 0.0.0.15.

Standard ACL Placement

  • Aimed at preventing traffic from one network to another.
  • Example placement: To block traffic from 192.168.10.0/24 to 192.168.30.0/24, apply standard ACL on router R3.
  • Best practice for application:
    • Outbound on G0/0 interface to avoid unnecessary filtering affecting other networks.

ACL Management Principles

  • The number of ACLs that can be applied per router interface is limited; apply them in line with organizational security policies.
  • Standard ACLs filter based only on source IPv4 addresses.
  • Extended ACLs filter by several additional criteria including destination IP and protocol types.
  • ACL placement is crucial for network performance:
    • Extended ACLs close to the traffic source to minimize load.
    • Standard ACLs close to the destination to prevent unwanted traffic.

Key Terminology

  • Access Control List (ACL): A sequential set of rules that determines whether network traffic is permitted or denied.
  • Access Control Entry (ACE): An individual rule within an ACL.
  • Packet Filtering: The process of controlling network traffic based on defined rules.
  • Keywords:
    • host: Defines a single host.
    • any: Represents any IP address.

Module Notes

  • ACLs do not require bidirectional configuration.
  • Efficiency of ACLs greatly depends on their placement within the network architecture.

Description

This quiz covers the principles of Extended Access Control Lists (ACLs) in network security. It focuses on how these ACLs manage packet permissions based on various criteria such as IP addresses, protocol types, and port numbers. Test your understanding of these crucial elements in maintaining secure network operations.
