Understanding ACLs in Networking

Questions and Answers

Which task performed by routers is NOT associated with the use of ACLs?

• Implement network topology changes (correct)
• Increase network performance
• Control traffic flow
• Provide security for network access

What type of ACL filters traffic using both the source and destination IPv4 addresses?

• Hierarchical ACLs
• Standard ACLs
• Basic ACLs
• Extended ACLs (correct)

At which layers can packet filtering occur in network traffic?

• Layer 5 and Layer 6
• Only at Layer 3
• Layer 3 and Layer 4 (correct)
• Layer 1 and Layer 2 only

Which statement about Standard ACLs is true?

They only filter traffic based on the source IPv4 address. (B)

What is one purpose of using ACLs in network management?

To prioritize certain classes of network traffic (D)

Which function do ACLs NOT perform?

Controlling bandwidth allocation for all users (C)

What does packet filtering determine about network packets?

Whether to forward or discard them (B)

What is one benefit of implementing ACLs in a network?

They enhance control over traffic flow. (A)

What is the purpose of placing a standard ACL on router R3 in this scenario?

To prevent traffic from the 192.168.10.0/24 network from reaching the 192.168.30.0/24 network. (A)

Why should the standard ACL not be applied to the R3 S0/1/1 interface?

It would deny traffic from the 192.168.10.0/24 network while additionally filtering traffic to another network. (B)

What is the best interface on R3 to apply the standard ACL to meet the traffic requirements?

R3 G0/0 interface outbound. (A)

What would be a consequence of applying the standard ACL inbound on the R3 S0/1/1 interface?

It would also filter traffic to the 192.168.31.0/24 network. (C)

What is the primary requirement when choosing an interface to place a standard ACL?

The ACL should not impact other networks accessible by the router. (D)

What does the keyword 'host' represent in wildcard masks?

All IPv4 address bits must match to filter just one host address. (D)

What does the keyword 'any' signify in wildcard masking?

The entire IPv4 address can be ignored. (B)

How many ACLs can a dual-stacked router interface have applied?

Four ACLs, one for each direction and protocol type. (C)

Which statement is true regarding ACLs on router interfaces?

The number and direction of ACLs depend on the organization's security policy. (C)

Which of the following is NOT a valid constraint on ACLs for router interfaces?

A router can have more than one inbound and outbound ACL. (A)

When configuring ACLs, which mask is represented by the keyword 'host'?

0.0.0.0 (D)

In the context of ACLs, what does 'state' an outbound ACL?

It filters outgoing traffic only. (C)

What is the effect of configuring an 'any' wildcard mask?

It ignores all bits of the IPv4 address during filtering. (D)

Which type of ACL is NOT categorized as an outbound ACL?

Inbound IPv4 ACL (A)

Which of the following best describes the nature of ACLs on router interfaces?

They are flexible and guided by security policies. (A)

What is the wildcard mask for the subnet 192.168.3.0/24?

0.0.0.255 (A)

Which access list entry (ACE) is correctly configured to permit all users in the subnet 192.168.3.32/28?

access-list 10 permit 192.168.3.32 0.0.0.15 (C)

What is the wildcard mask needed to permit network access for the summarized network 192.168.10.0/23?

0.0.1.255 (B)

How do you calculate a wildcard mask based on a subnet mask?

Subtract the subnet mask from 255.255.255.255 (B)

For the ACE 'access-list 10 permit 192.168.16.0 0.0.15.255', what is the range of permitted IPv4 addresses?

192.168.16.0 to 192.168.31.255 (D)

What is the binary representation of the IP address 192.168.16.0?

11000000.10101000.00010000.00000000 (D)

What is the subnet mask for the network 192.168.3.32/28?

255.255.255.240 (B)

What does the wildcard mask 0.0.0.255 indicate about the first three octets?

They must match exactly. (C)

In the context of ACL, what does the ACE 'access-list 10 permit 192.168.1.0 0.0.0.255' allow?

All devices on the 192.168.1.0 network. (B)

What is the decimal notation of the wildcard mask for the subnet mask 255.255.254.0?

0.0.1.255 (C)

Which of the following statements about wildcard masks is correct?

Wildcard masks determine access to specific addresses. (C)

What is the binary representation of the wildcard mask 0.0.15.255?

00000000.00000000.00001111.11111111 (B)

What is the significance of the IP range 192.168.31.0/24?

It indicates access for 256 IP addresses. (D)

What type of networks does the wildcard mask 0.0.15.255 cover?

192.168.16.0 to 192.168.31.0 (A)

In an ACL, what does a wildcard mask of 0.0.0.0 represent?

All bits must match exactly. (D)

Which ACE is appropriate to permit all devices in the 192.168.1.0/24 subnet?

access-list 10 permit 192.168.1.0 0.0.0.255 (A)

What does the wildcard mask 0.0.0.255 allow for the fourth octet?

It can be any value between 0 and 255. (B)

Which two subnets can be permitted using the wildcard mask 0.0.15.255?

192.168.16.0/24 and 192.168.31.0/24 (B)

What does the command 'access-list 10 permit 192.168.0.0 0.0.255.255' allow?

Access for all devices in the 192.168.0.0 to 192.168.255.255 networks. (C)

Flashcards are hidden until you start studying

Study Notes

Purpose of ACLs

• ACLs (Access Control Lists) are essential for router traffic identification.
• Limit network traffic to enhance performance.
• Control traffic flow and provide a basic security level for access.
• Filter traffic based on specific types, permitting or denying network service access.
• Prioritize certain classes of network traffic.

Packet Filtering

• Packet filtering manages network access by analyzing incoming and outgoing packets.
• Cisco routers offer two types of ACLs:
  • Standard ACLs: Filter only at Layer 3 using the source IPv4 address.
  • Extended ACLs: Filter at Layer 3 with source/destination IPv4 addresses and at Layer 4 using TCP/UDP ports.

Wildcard Masks in ACLs

• Wildcard masks help match specific IP ranges or subnets in ACLs.
• Example wildcard for matching a subnet:
  • Wildcard mask 0.0.0.255 allows all hosts in the 192.168.1.0/24 network.
• Wildcard masking for IP address ranges:
  • Mask 0.0.15.255 allows access from 192.168.16.0/24 to 192.168.31.0/24.

Wildcard Mask Calculation

• Calculate wildcard masks by subtracting the subnet mask from 255.255.255.255.
• Examples of calculations for ACEs:
  • 192.168.3.0/24: Mask 0.0.0.255
  • 192.168.3.32/28: Mask 0.0.0.15
  • Combined networks 192.168.10.0/23: Mask 0.0.1.255

Wildcard Mask Keywords

• host: Represents a mask that requires all address bits to match for one specific host.
• any: Represents a mask that accepts any IPv4 address, ignoring all address bits.

Guidelines for ACL Creation

• Limited number of ACLs per interface; dual-stacked routers can have up to four:
  • One outbound and one inbound IPv4 ACL.
  • One outbound and one inbound IPv6 ACL.

Types of IPv4 ACLs

• Consider placement when configuring ACLs:
  • Use standard ACL to prevent traffic from a specific network.
  • Best practices for applying ACLs depend on the network topology and access requirements.
• Example placement:
  • Inbound on R3 S0/1/1 can unintentionally filter additional traffic.
  • Outbound on R3 G0/0 allows traffic control without affecting other networks.