These basic rules should be followed when creating and applying access lis

what is the basic rules for ACLs?

Question Posted / vikram pratap singh

4 Answers
9827 Views
I also Faced
E-Mail Answers

Answer Posted / vikram pratap singh

These basic rules should be followed when creating and
applying access lists:

One access list per protocol per direction.
Standard IP access lists should be applied closest to the
destination.
Extended IP access lists should be applied closest to the
source.
Use the inbound or outbound interface reference as if
looking at the port from inside the router.
Statements are processed sequentially from the top of list
to the bottom until a match is found, if no match is found
then the packet is denied.
There is an implicit deny at the end of all access lists.
This will not appear in the configuration listing.
Access list entries should filter in the order from
specific to general. Specific hosts should be denied first,
and groups or general filters should come last.
Never work with an access list that is actively applied.
New lines are always added to the end of the access list.
A no access-list x command will remove the whole list. It
is not possible to selectively add and remove lines with
numbered ACLs.
Outbound filters do not affect traffic originating from the
local router.
There are many show commands that will verify the content
and placement of ACLs on the router.

The show ip interface command displays IP interface
information and indicates whether any ACLs are set.

The show access-lists command displays the contents of all
ACLs on the router.

show access-list 1 shows just access-list 1.

The show running-config command will also reveal the access
lists on a router and the interface assignment information.

Is This Answer Correct ?

2 Yes

0 No

Post New Answer View All Answers

Please Help Members By Posting Answers For Below Questions

What is the difference between an igp and an egp?

768

Explain the difference between igp and eigrp?

598

What is meant arp and rarp?

626

In which protocol you manually enable route summarization?

757

Referring to the commands shown, what command must next be used on the branch router prior to traffic being sent to the router?

815

Mention what is dhcp?

629

What command do we give if router ios is stucked?

615

Which type of routing you did in ccna?

686

Which protocol switch use for filling its mac-table?

623

What is the checksum?

630

What is ping? What is the usage of ping?

653

Tell us the name of best path in eigrp protocol?

627

What requirements should a VPN fulfill?

3107

What route entry will be assigned to dead or invalid route in case of RIP?

963

What does the meaning of interface 0/0?

3254