What are the basic rules for ACLs?
Answer / jitendera
These basic rules should be followed when creating and
applying access lists:
One access list per protocol per direction.
Standard IP access lists should be applied closest to the destination.
Extended IP access lists should be applied closest to the source.
Only these two fundamentals are the rules of the access list.
Is This Answer Correct ? | 4 Yes | 0 No |
Answer / jitendra
Shaen, you are right, but it is not like what you are telling;
the 4 points are all included in these three parts.
1 One access list per protocol per direction.
2 Standard IP access lists should be applied closest to the destination.
3 Extended IP access lists should be applied closest to the source.
Is This Answer Correct ? | 4 Yes | 0 No |
Basic rules for ACLs are:
1. All deny statements have to be given first.
2. There should be at least one permit statement.
3. An implicit deny blocks all the traffic by default when there is no match.
4. We can configure one access list per interface per direction, i.e. two ACLs per interface: one in the inbound direction and one in the outbound direction.
5. An ACL works in sequential order.
6. Editing of an access list is not possible, i.e. selecting, adding or removing access-list statements is not possible.
Is This Answer Correct ? | 3 Yes | 0 No |
Answer / vikram pratap singh
These basic rules should be followed when creating and applying access lists:
One access list per protocol per direction.
Standard IP access lists should be applied closest to the destination.
Extended IP access lists should be applied closest to the source.
Use the inbound or outbound interface reference as if looking at the port from inside the router.
Statements are processed sequentially from the top of list to the bottom until a match is found, if no match is found then the packet is denied.
There is an implicit deny at the end of all access lists. This will not appear in the configuration listing.
Access list entries should filter in the order from specific to general. Specific hosts should be denied first, and groups or general filters should come last.
Never work with an access list that is actively applied.
New lines are always added to the end of the access list.
A no access-list x command will remove the whole list. It is not possible to selectively add and remove lines with numbered ACLs.
Outbound filters do not affect traffic originating from the local router.
There are many show commands that will verify the content and placement of ACLs on the router.
The show ip interface command displays IP interface information and indicates whether any ACLs are set.
The show access-lists command displays the contents of all ACLs on the router.
show access-list 1 shows just access-list 1.
The show running-config command will also reveal the access lists on a router and the interface assignment information.
Is This Answer Correct ? | 2 Yes | 0 No |
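The top-down, first-match processing, the implicit deny and the specific-to-general ordering described in the answers above can be checked with a small model of a standard numbered ACL. This is an added example, not part of any answer: the ACL lines and addresses are constructed, `parse`, `evaluate` and `shadowed` are hypothetical helper names, and wildcard masks are assumed to be contiguous.

```python
import ipaddress

def parse(line):
    """Parse 'access-list N permit|deny SOURCE' (standard numbered ACL).
    SOURCE is 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'.
    Assumption: wildcard masks are contiguous (e.g. 0.0.0.255)."""
    tok = line.split()
    action, src = tok[2], tok[3:]
    if src == ["any"]:
        return action, ipaddress.ip_network("0.0.0.0/0")
    if src[0] == "host":
        return action, ipaddress.ip_network(src[1] + "/32")
    wildcard_bits = bin(int(ipaddress.ip_address(src[1]))).count("1")
    return action, ipaddress.ip_network(f"{src[0]}/{32 - wildcard_bits}")

def evaluate(acl, src_ip):
    """Top-down, first match wins. Returns (action, matching entry index);
    ("deny", None) is the implicit deny that never shows in the config."""
    addr = ipaddress.ip_address(src_ip)
    for index, (action, net) in enumerate(acl):
        if addr in net:
            return action, index
    return "deny", None

def shadowed(acl):
    """Indices of entries that can never match because an earlier entry
    already covers their whole source range (general placed before specific)."""
    return [i for i, (_, net) in enumerate(acl)
            if any(net.subnet_of(prev) for _, prev in acl[:i])]

# Constructed sample ACLs; the addresses are illustrative only.
GENERAL_FIRST = [parse(l) for l in (
    "access-list 10 permit 192.168.1.0 0.0.0.255",
    "access-list 10 deny host 192.168.1.10",
)]
SPECIFIC_FIRST = [parse(l) for l in (
    "access-list 10 deny host 192.168.1.10",
    "access-list 10 permit 192.168.1.0 0.0.0.255",
)]

if __name__ == "__main__":
    for name, acl in (("general first", GENERAL_FIRST),
                      ("specific first", SPECIFIC_FIRST)):
        print(name, evaluate(acl, "192.168.1.10"), "shadowed:", shadowed(acl))
    print("unmatched source:", evaluate(SPECIFIC_FIRST, "10.0.0.1"))
```

With the general permit first, the host deny is reported as shadowed and the host is permitted; reversing the two lines makes the deny effective, and any source outside both entries falls through to the implicit deny.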