Standard ACL Statements Breakdown

Questions and Answers

What does the wildcard mask '0.0.0.0' indicate in an ACL statement?

It matches any IP address.

It allows all IP addresses except one.

It specifies a range of IP addresses.

It indicates a specific host address. (correct)

What range of autonomous numbers is used for standard ACLs?

200 to 255

1 to 99 (correct)

1 to 100

100 to 199

Which of the following is a reason to use the 'log' option in an ACL statement?

To generate an alert for the firewall.

To permanently block traffic.

To bypass the ACL for specific addresses.

To create a log entry for traffic matching the rule. (correct)

In an extended ACL statement, which protocol is NOT typically listed as an option?

HTTP

What is the purpose of specifying a destination address in an extended ACL?

To control access to specific devices in the network.

Which ACL statement denies access to a specific host while also logging attempts?

access-list 78 deny host 192.168.90.36 log

What do extended ACLs allow you to match as part of their configuration?

Protocols and both source and destination addresses

What does the term 'permit or deny' indicate in an ACL statement?

It determines whether traffic is allowed or blocked.

What is the primary function of an access control list (ACL) in this context?

To permit and deny specific traffic based on defined rules.

In the extended access list example provided, which network is being blocked from receiving information?

172.20.70.0

Which command is used to start configuring the access control list on the router?

Router(config)# access-list

What is the purpose of the command 'ip access-group _________ in or out'?

To apply the ACL to an interface for controlling incoming/outgoing traffic.

What subnet mask is used for the 172.20.70.0 network in this context?

255.255.255.0

Which of the following addresses must be blocked from reaching Cindy’s computer?

192.168.122.0 to 192.168.122.63

Which command allows users to exit the configuration mode back to the router prompt?

Router(config)# exit

What is the first step in configuring an ACL on a router?

Accessing the configuration terminal mode.

What must be done after creating the access list before it is functional?

Assign it to an interface.

What is the purpose of the access control list (ACL) mentioned?

To specify which IP addresses can communicate with each other.

Which command is used to enter the configuration mode on the router?

Router# configure terminal

When creating an ACL, at which point do you specify the direction of traffic?

When applying the access-list to an interface.

What must the router's interface command include after defining the ACL?

ip access-group

What does the term 'deny/permit specific addresses' imply in the context of an ACL?

It allows traffic from specific addresses while blocking others.

What should be included when writing an extended access list to allow specific communications?

Both permit and deny rules for traffic.

What is the function of input and output in the command 'ip access-group _________ in or out'?

Input refers to traffic received, output refers to traffic sent from the router.

In the context provided, which IP address should be explicitly denied access in the ACL?

172.59.2.18

What is a characteristic of extended access lists compared to standard access lists?

They can filter traffic based on additional criteria such as protocols and ports.

What is likely the first step when implementing an ACL on a router?

Identify the IP addresses that need to be controlled.

What is the main function of the access list named 'Media_Center'?

Permit traffic from 172.31.195.1 through 172.31.195.7 to the 192.168.125.0 network

How should the access-list be applied to an interface according to the installation process?

By configuring the command 'ip access-group in or out'

What is the purpose of the command 'deny all other traffic' in an access list?

To ensure only specified traffic is allowed

Which command would you use to create a named extended access list?

Router(config)# ip access-list extended Media_Center

What information is necessary to complete the access-list configuration on a router?

Router name, interface, and access-list number

What command begins the configuration of an access control list (ACL) on a router?

Router(config)# ip access-list extended

Which step follows placing the access list on the interface?

Router(config-if)# exit

In the command 'Router(config-if)# ip access-group _________ in or out', what should be provided in the blank?

ACL number or name

What is the purpose of the extended access list sample #5 mentioned?

To deny the first 15 usable addresses of the 192.168.15.0 network from reaching the 172.21.0.0 network

When applying an ACL, what must be indicated as part of the command structure?

Whether the access-list is applied in or out

What is required before copying the running configuration to the startup configuration?

Exit global configuration mode

What command is used to save the running configuration on a router?

Router# copy run start

Which IP addresses are being denied access in the extended access list sample to the 172.21.0.0 network?

192.168.15.0 to 192.168.15.14

What is the first step in configuring an ACL on a router?

Enter global configuration mode

What must be done to remove an access list from an interface?

Use the 'no ip access-group' command

Study Notes

Standard ACL Statements

• Standard ACLs use numbers ranging from 1 to 99.
• Commands include permit or deny, and they apply to source addresses only.
• Example: access-list 1 permit 192.168.90.36 0.0.0.0 allows the specified IP.
• Wildcard mask 0.0.0.0 indicates a match for the exact source address.
• access-list 78 deny host 192.168.90.36 log blocks a specific host and logs each matching packet.

Extended ACL Statements

• Extended ACLs range from 100 to 199.
• Includes protocols like TCP, UDP, ICMP, and IP, allowing for fine-grained traffic control.
• Source and destination addresses can be specified with wildcard masks.
• Example: access-list 125 permit ip 192.168.90.36 0.0.0.0 192.175.63.12 0.0.0.0 permits IP traffic from one specific IP to another.
• Log entries are optional, indicating the traffic affected by the ACL statements.

ACL Configuration Steps

• Enter configuration mode with Router# configure terminal.
• Define the ACL with the appropriate commands.
• Assign the ACL to an interface with ip access-group followed by specifying inbound or outbound direction.
• Save the configuration with Router# copy run start.

Example ACL Problems

• Block devices from one network accessing specific other hosts using extended ACLs.
• For instance, deny network 172.20.70.0 from receiving data from a specified IP and control traffic from another specified range.
• Named ACLs, such as “Media_Center,” can be created to manage specific address ranges and deny all other traffic.

Address Ranges in ACLs

• ACLs can deny or permit ranges of addresses effectively.
• Blocking a range impacts multiple devices on specified networks.
• Specific implementations may vary based on network requirements with multiple formats for statements.

Description

Explore the components and syntax of a standard Access Control List (ACL) statement. This quiz will guide you through the elements including permit/deny actions, wildcard masks, and access-list numbering. Perfect for those looking to deepen their understanding of network security.