What are the basic rules for ACLs?


Answer / jitendera

These basic rules should be followed when creating and applying access lists:

One access list per protocol per direction.
Standard IP access lists should be applied closest to the destination.
Extended IP access lists should be applied closest to the source.

Only these two fundamentals are the rules of the access-list.

Is This Answer Correct ?    4 Yes 0 No


Answer / jitendra

Shahin, you are right, but it is not like that. What you are telling in the 4 points is all included in these three parts.

1. One access list per protocol per direction.
2. Standard IP access lists should be applied closest to the destination.
3. Extended IP access lists should be applied closest to the source.

Is This Answer Correct ?    4 Yes 0 No


Answer / shahin

Basic rules for ACLs are:

1. All deny statements have to be given first.

2. There should be at least one permit statement.

3. An implicit deny blocks all the traffic by default when there is no match.

4. We can configure one access list per interface per direction, i.e. two ACLs per interface: one in the inbound direction and one in the outbound direction.

5. An ACL works in sequential order.

6. Editing of an access list is not possible, i.e. selecting, adding or removing an access-list statement is not possible.

Is This Answer Correct ?    3 Yes 0 No


Answer / vikram pratap singh

These basic rules should be followed when creating and applying access lists:

One access list per protocol per direction.
Standard IP access lists should be applied closest to the destination.
Extended IP access lists should be applied closest to the source.
Use the inbound or outbound interface reference as if looking at the port from inside the router.
Statements are processed sequentially from the top of list to the bottom until a match is found, if no match is found then the packet is denied.
There is an implicit deny at the end of all access lists. This will not appear in the configuration listing.
Access list entries should filter in the order from specific to general. Specific hosts should be denied first, and groups or general filters should come last.
Never work with an access list that is actively applied.
New lines are always added to the end of the access list.
A no access-list x command will remove the whole list. It is not possible to selectively add and remove lines with numbered ACLs.
Outbound filters do not affect traffic originating from the local router.
There are many show commands that will verify the content and placement of ACLs on the router.

The show ip interface command displays IP interface information and indicates whether any ACLs are set.

The show access-lists command displays the contents of all ACLs on the router.

show access-list 1 shows just access-list 1.

The show running-config command will also reveal the access lists on a router and the interface assignment information.

Is This Answer Correct ?    2 Yes 0 No
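
Added example (not part of any answer above): a small Python model of how a standard ACL is evaluated, showing top-to-bottom first-match processing, the implicit deny, and why a specific entry placed after a general one never takes effect. The list number and addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def ip(text):
    return int(ipaddress.IPv4Address(text))

def parse(line):
    """Parse one standard-ACL line into (action, address, wildcard)."""
    tok = line.split()
    if tok[0] == "access-list":            # drop "access-list <number>"
        tok = tok[2:]
    action, rest = tok[0], tok[1:]
    if rest == ["any"]:
        return action, 0, 0xFFFFFFFF
    if rest[0] == "host":
        return action, ip(rest[1]), 0
    wildcard = ip(rest[1]) if len(rest) > 1 else 0   # no wildcard means a single host
    return action, ip(rest[0]), wildcard

def evaluate(acl, source):
    """Return (action, index) of the first entry matching source, top to bottom."""
    src = ip(source)
    for index, line in enumerate(acl):
        action, addr, wild = parse(line)
        # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
        if ((src ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action, index
    return "deny", None                    # implicit deny: nothing matched

def shadowed(acl):
    """Indexes of entries that can never match because an earlier entry covers them."""
    entries = [parse(line) for line in acl]
    hidden = []
    for j, (_, a2, w2) in enumerate(entries):
        for _, a1, w1 in entries[:j]:
            # Covered when the earlier entry checks no bit the later one ignores,
            # and both agree on every bit the earlier entry checks.
            if (w2 & ~w1 & 0xFFFFFFFF) == 0 and ((a1 ^ a2) & ~w1 & 0xFFFFFFFF) == 0:
                hidden.append(j)
                break
    return hidden

# Constructed sample lists (addresses and list number are illustrative).
GENERAL_FIRST = ["access-list 10 permit 192.168.10.0 0.0.0.255",
                 "access-list 10 deny host 192.168.10.5"]
SPECIFIC_FIRST = ["access-list 10 deny host 192.168.10.5",
                  "access-list 10 permit 192.168.10.0 0.0.0.255"]

if __name__ == "__main__":
    for name, acl in (("general first", GENERAL_FIRST), ("specific first", SPECIFIC_FIRST)):
        for src in ("192.168.10.5", "192.168.10.9", "10.1.1.1"):
            print(name, src, evaluate(acl, src))
        print(name, "shadowed entries:", shadowed(acl))
```

Running `shadowed()` over a list before applying it to an interface is a quick review check for deny entries that an earlier, broader permit has made ineffective.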
