CCNA Study Guide

This blog highlights CCNA study materials for those pursuing the CCNA exam 640-801. It is a must-read for those going for the exam who need last-minute total recall.


Tuesday, March 21, 2006

ACCESS-LISTS


Access lists are compared in the order of the lines, and only until a match is made. There is also an implicit deny at the end, so the packet will be thrown out if there is no match. You usually want to place commonly matched lines at the top of the list. The list is created and then applied to a specific interface.

“access-list

1-99 IP Standard
100-199 IP Extended
200-299 Protocol type-code
300-399 DECNet

600-699 Appletalk
700-799 48-bit MAC address
800-899 IPX Standard
900-999 IPX Extended
1000-1099 IPX SAP
1100-1199 Extended 48-bit MAC
1200-1299 IPX Summary Address

“access-group ” Use access-group to apply the access list to an interface. Only one access list is allowed inbound, and one outbound, on the interface. A wildcard of 0.0.0.255 will permit or deny access for all nodes in the range. A wildcard of 0.0.0.0 will allow only that host.


In standard IP access lists, we can only compare with source address information.

In extended, we can limit via source address, destination address, protocol, and port information.

Clear access-list will clear the counters for the access list and start anew.
Show ip access-list will show only IP-based access lists.
Show ip interface e0 will show which access list is applied to the interface.
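
The matching rules described above (wildcard masks, top-down first match, implicit deny) can be modelled in a few lines. This is an added example, not part of the original post and not Cisco code; the function names are hypothetical, and it assumes a simplified line syntax with only "any", "host" and "eq" supported.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
PORTS = {"ftp": 21, "telnet": 23, "www": 80}  # small subset of IOS port names

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wild_match(addr, base, wildcard):
    """0 bits in the wildcard must equal base; 1 bits are ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def parse_addr(tok):
    """Consume 'any', 'host A' or 'A W' from the front of the token list."""
    first = tok.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return tok.pop(0), "0.0.0.0"
    return first, tok.pop(0)

def parse_line(line):
    tok = line.split()
    number, action, tok = int(tok[1]), tok[2], tok[3:]
    extended = 100 <= number <= 199          # 1-99 standard: source only
    proto = tok.pop(0) if extended else "ip"
    src = parse_addr(tok)
    dst = parse_addr(tok) if extended else ANY
    port = None
    if tok[:1] == ["eq"]:                    # destination port; 'log' is ignored
        port = PORTS[tok[1]] if tok[1] in PORTS else int(tok[1])
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, matching line number); first match wins."""
    for n, line in enumerate(acl, 1):
        action, r_proto, r_src, r_dst, r_port = parse_line(line)
        if (r_proto in ("ip", proto) and wild_match(src, *r_src)
                and wild_match(dst, *r_dst) and r_port in (None, dport)):
            return action, n
    return "deny", None                      # implicit deny at the end

# Constructed sample lists built from addresses used on this page
WEB_ONLY = ["access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www"]
ORDERED = ["access-list 101 deny tcp host 172.16.30.55 any eq 21",
           "access-list 101 permit tcp 172.16.0.0 0.0.255.255 any eq 21"]
```

Calling evaluate on ORDERED and then on ORDERED[::-1] for source 172.16.30.55 shows why line order matters: once the broad permit is listed first, the host-specific deny is never reached.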

IP standard access lists use which of the following as a basis for permitting or denying packets?
Source address

To specify all hosts in the class B IP network 172.16.0.0, which wildcard access list mask would you use?
0.0.255.255 The wildcard mask is the inverse of the subnet mask. If you want all hosts on the Class B network, you would enter 0.0.255.255. A 255 in an octet accepts any value in that octet.

IP extended access lists use which of the following as a basis for permitting or denying packets?
Extended access lists can look at the source and destination addresses when making filtering decisions, and can also filter by port and protocol.

Which of the following are valid ways to refer only to host 172.16.30.55 in an IP access list?
172.16.30.55 0.0.0.0 or host 172.16.30.55

Which of the following access lists will allow only WWW traffic into network 196.15.7.0?
Access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www

Which of the following will show which ports have IP access lists applied?
Show ip interface and show running config

Which of the following are logged when IP access list logging is enabled?
Source address, source port, destination address, destination port, protocol, and access list number.

Which of the following commands will show an extended access list 187?
Sh ip access-list and sh access-list 187

What is the IP extended access list range?
100-199

Which of the following commands is valid for creating an extended IP access list?
Access-list 101 permit tcp host 172.16.30.0 any eq 21 log


What are three ways to monitor IP access lists?
Sh ip interface, sh run, and sh access-lists
