
5/28/2017 ACL Interview Questions and Answers | Networker Interview

Networker Interview
Prepare for CCNA, CCNP, CCIE Interview !


ACL Interview Questions and Answers
What is ACL?
Access Control List is a packet filtering method that filters the IP packets based on source and destination
address. It is a set of rules and conditions that permit or deny IP packets to exercise control over network

What are different Types of ACL?
There are two main types of Access lists:-
1. Standard Access List.
2. Extended Access List.

Explain Standard Access List?
Standard Access List examines only the source IP address in an IP packet to permit or deny that packet. It
cannot match other fields in the IP packet. Standard Access List can be created using the access-list
numbers 1-99 or in the expanded range of 1300-1999. Standard Access List must be applied close to
destination. As we are filtering based only on source address, if we put the standard access-list close to the
source host or network then nothing would be forwarded from source.

R1(config)# access-list 10 deny host
R1(config)# int fa0/0
R1(config-if)# ip access-group 10 in

Explain Extended Access List?
Extended Access List filters the network traffic based on the Source IP address, Destination IP address,
Protocol field in the Network layer, and Port number field at the Transport layer. Extended Access List ranges
from 100 to 199, and 2000-2699 in the expanded range. Extended Access List should be placed as close to source
as possible. Since extended access list filters the traffic based on specific addresses (Source IP, Destination
IP) and protocols, we don't want our traffic to traverse the entire network just to be denied wasting the

R1(config)# access-list 110 deny tcp any host eq 23
R1(config)# int fa0/0
R1(config-if)# ip access-group 110 in

Explain Named ACL and its advantages over Number ACL?
It is just another way of creating Standard and Extended ACL. In Named ACL names are given to identify
It has the following advantage over Number ACL: in a Named ACL we can give a sequence number, which means
we can insert a new statement in the middle of the ACL.

R1(config)# ip access-list extended CCNA
R1(config-ext-nacl)# 15 permit tcp host host eq 23
R1(config-ext-nacl)# exit
This will insert above statement at Line 15.
R1(config)# int fa0/0
R1(config-if)# ip access-group CCNA in

What is Wildcard Mask?
Wildcard mask is used with ACL to specify an individual host, a network, or a range of network.
Whenever a zero is present, it indicates that octet in the address must match the corresponding reference
Whenever a 255 is present, it indicates that octet need not to be evaluated.
Wildcard Mask is completely opposite to subnet or
Example:- For /24
Subnet Mask - 255.255.255.0
Wildcard Mask - 0.0.0.255

How to permit or deny specific Host in ACL?
1. Using a wildcard mask "0.0.0.0"
Example:- 192.168.1.1 0.0.0.0
2. Using keyword "Host"
Example:- Host 192.168.1.1

In which directions we can apply an Access List?
We can apply access list in two directions:-
IN - ip access-group 10 in
OUT - ip access-group 10 out

Difference between Inbound Access-list and Outbound Access-list?
When an access-list is applied to inbound packets on interface, those packets are first processed through ACL and then routed. Any packets that are denied won't be routed.
When an access-list is applied to outbound packets on interface, those packets are first routed to outbound interface and then processed through ACL.

Difference between #sh access-list command and #sh run access-list command?
#sh access-list shows number of Hit
#sh run access-list does not show number of Hit Counts.

How many Access Lists can be applied to an interface on a Cisco router?
We can assign only one access list per interface per protocol per direction, which means that when creating an IP access list, we can have only one inbound access list and one outbound access list per interface.
Multiple access lists are permitted per interface, but they must be for a different

How Access Lists are processed?
Access lists are processed in sequential, logical order, evaluating packets from the top down, one statement at a time.
As soon as a match is made, the permit or deny option is applied, and the packet is not evaluated against any more access list
Because of this, the order of the statements within any access list is significant.
There is an implicit "deny" at the end of each access list, which means that if a packet doesn't match the condition on any of the lines in the access list, the packet will be discarded.

What is at the end of each Access List?
At the end of each access list, there is an implicit deny statement denying any packet for which the match has not been found in the access list.

Key Information
Any access list applied to an interface without an access list being created will not filter traffic.
Access lists only filter traffic that is going through the router. They will not filter the traffic that has originated from the router.
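
The wildcard-mask matching and top-down, first-match processing with an implicit deny described on this page can be checked with a small evaluator. This is an added example, not code from the original page and not Cisco's implementation; the function names and the two sample ACLs are assumptions made for illustration, and each rule string is the part of a standard ACL line that follows "access-list <number>".

```python
import ipaddress

def wildcard_match(addr, ref, wildcard):
    """True when addr equals ref in every bit where the wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    r = int(ipaddress.IPv4Address(ref))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (r & care)

def parse_source(tokens):
    """Return (reference, wildcard) for 'any', 'host A', 'A W' or a bare 'A'."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255"   # every bit ignored
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0"           # every bit must match
    wildcard = tokens[1] if len(tokens) > 1 else "0.0.0.0"
    return tokens[0], wildcard

def evaluate(acl_lines, src):
    """Walk a standard ACL top down; return (action, index of matching line)."""
    for idx, line in enumerate(acl_lines):
        action, *source = line.split()
        ref, wildcard = parse_source(source)
        if wildcard_match(src, ref, wildcard):
            return action, idx   # first match wins; later lines are not evaluated
    return "deny", None          # implicit deny at the end of every access list

# Constructed sample ACLs: the same two statements in a different order.
ACL_A = ["deny host 192.168.1.1", "permit 192.168.1.0 0.0.0.255"]
ACL_B = ["permit 192.168.1.0 0.0.0.255", "deny host 192.168.1.1"]

if __name__ == "__main__":
    for name, acl in (("A", ACL_A), ("B", ACL_B)):
        for src in ("192.168.1.1", "192.168.1.77", "10.0.0.5"):
            print(name, src, evaluate(acl, src))
```

In ACL_B the host deny is never reached because the broader permit matches first, which is the misordering to look for when reviewing a rule set.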