Standard IPv4 ACLs Configuration Quiz

Questions and Answers

What command is used to create a numbered standard IPv4 ACL?

• create access-list
• access-list (correct)
• configure acl
• ip access-list standard

Which of the following is NOT a valid access-list number for a numbered standard ACL?

• 1300
• 1500 (correct)
• 50
• 75

What is the function of the 'deny' command in a standard IPv4 ACL?

• Allow all traffic
• Block specific traffic (correct)
• Permit traffic by default
• Log denied traffic

What parameter is optional and provides documentation in a numbered standard ACL?

remark text (C)

What is true regarding the naming of a standard named ACL?

Names must be unique. (A)

What is the purpose of the 'log' option in a standard IPv4 ACL?

To generate an informational message when an ACE is matched (B)

What command would you use to remove a numbered standard ACL?

no access-list access-list-number (B)

Which wildcard mask is applied to the source in a numbered standard ACL?

32-bit wildcard mask (D)

What command is used to bind a standard IPv4 ACL to an interface?

ip access-group (A)

Which command is used to remove an ACL from an interface?

no ip access-group (D)

In an example numbered standard ACL, which IP address is allowed traffic?

192.168.10.10 (D)

What should you use to verify that an ACL is applied to the interface?

show ip interface (D)

What is the primary function of ACL 120 as described?

To permit returning web traffic to the inside hosts (B)

What does the notation 192.168.20.0/24 represent in the ACL example?

A subnet with 256 addresses (A)

What is the advantage of using named standard ACLs over numbered ones?

Easier to remember and manage (C)

What flag must be set for a packet to match the existing TCP connection according to the information provided?

ACK or RST flag (A)

Which command is used to create a named extended ACL?

ip access-list extended (A)

Which interface was used in the ACL example for permitting traffic?

serial 0/1/0 (D)

What does the named extended ACL called BROWSING permit?

Only returning web traffic to inside hosts (C)

What type of ACL is primarily concerned with layer 3 IP traffic?

Standard ACL (A)

Which command would you issue to view the current configuration of an ACL?

show running-config (D)

What is the effect of applying Extended ACLs on the R1 G0/0/0 interface?

It denies all traffic by default unless explicitly permitted (B)

What structure does a standard IPv4 ACL follow?

Permit or deny traffic based only on IP address (A)

What is the primary purpose of a named ACL in IPv4?

To manage and apply access control rules using sequence numbers (D)

What command is used to display statistics for each ACE in an ACL?

show access-lists (A)

Which statement about the deny any command is true?

It must be manually configured to track denied packets. (D)

How can an administrator reset the ACL statistics?

execute the clear access-list counters command (C)

What does the implied deny any statement do in an access control list?

Blocks all traffic unless otherwise specified. (B)

In the provided example, which IP address is denied access?

192.168.10.11 (D)

What is one of the objectives of the Packet Tracer activity mentioned?

Configure and verify standard numbered and named ACLs (C)

When an ACE is matched, which of the following is true about its statistics?

Both deny and permit ACEs show statistics. (B)

What is a characteristic of sequence numbers in named ACLs?

They help in the ordering of ACEs. (C)

What will happen if an ACE specifically permits an IP address?

Only that IP address will be allowed connectivity. (B)

What is the port number used for HTTP traffic in the configuration of extended ACLs?

80 (D)

What is the main purpose of the extended ACL 100 as stated in the configuration example?

To filter HTTP traffic (C)

Where are extended ACLs commonly applied according to the configuration examples?

Close to the source (B)

What does the established keyword in a TCP extended ACL allow?

Return traffic from inside to outside (D)

When is it necessary to configure a port number instead of a protocol name in ACLs?

When the protocol name is unknown (C)

What is the effect of applying ACL 110 inbound on the R1 G0/0/0 interface?

Permits HTTP and HTTPS traffic from a specific network (D)

Which of the following protocols has a specific port number listed in the examples?

SSH (A)

What traffic is denied by the TCP established extended ACL?

TCP traffic from outside hosts to inside hosts (D)

Which ACE approach achieves the same filtering result for HTTP traffic?

Using the port name www (B)

Which type of ACL is particularly designed to filter based on port numbers?

Extended ACL (B)

Flashcards are hidden until you start studying

Study Notes

Standard IPv4 ACLs - Configuration and Syntax

• Numbered standard ACLs range from 1 to 99 or 1300 to 1999 using the access-list command.
• Key commands:
  • deny: Blocks access if matched.
  • permit: Allows access if matched.
  • remark: Adds documentation (optional).
  • source: Specifies the address filtering.
  • source-wildcard: Optional 32-bit wildcard mask for the source.
  • log: Generates messages upon ACE match (optional).
• To delete a numbered ACL, use no access-list access-list-number.

Named Standard IPv4 ACLs

• Named ACLs are created with ip access-list standard, requiring unique, case-sensitive names.
• Naming ACLs enhances clarity within configuration outputs.

Applying Standard IPv4 ACLs

• After configuration, link ACLs to an interface using ip access-group.
• Remove an ACL with no ip access-group in interface configuration.

Examples of Standard IPv4 ACLs

• A numbered ACL example permits traffic from host 192.168.10.10 and the 192.168.20.0/24 network out interface serial 0/1/0 on router R1.
• Use show running-config to view ACLs and show ip interface to verify applied ACLs.

Modifying IPv4 ACLs

• Named ACLs can utilize sequence numbers to manage ACEs; example includes denying host 192.168.10.11.
• Use show access-lists for statistics on matched statements from ACLs; implicit deny statistics require a manual deny command for visibility.

Extended IPv4 ACLs - Configuration

• Extended ACLs allow filtering based on port numbers/names; example filters HTTP traffic using both port name and number 80.
• Apply extended ACLs close to the source for more control over traffic flow.

TCP Established Extended ACLs

• Use the TCP established keyword to permit returning traffic from established connections, blocking unsolicited inbound traffic.
• Example configuration allows returning web traffic to inside hosts, applied outbound on the R1 G0/0/0 interface.

Named Extended IPv4 ACLs

• Named extended ACLs created with ip access-list extended facilitate understanding of ACL functions.
• Example shows creating NO-FTP-ACCESS for clarity in ACL management.

Applying Named Extended IPv4 ACLs

• Two named extended ACLs demonstrate application:
  • SURFING: Permits inside HTTP and HTTPS traffic to exit to the internet.
  • BROWSING: Allows only returning web traffic to inside hosts while implicitly denying other outbound traffic.