You are on page 1of 2

5/28/2017 ACL Interview Questions and Answers | Networker Interview

Networker Interview
Prepare for CCNA, CCNP, CCIE Interview !


ACL Interview Questions and Answers Search
What is ACL?
Access Control List is a packet ៯�ltering method that ៯�lters the IP packets based on source and destination
address. It is a set of rules and conditions that permit or deny IP packets to exercise control over network
Buy CCNA Interview
Questions & Answers PDF
What are di៛�erent Types of ACL?
­ 5$
There are two main types of Access lists:-
1.Standard Access List.
2.Extended Access List.

Explain Standard Access List?
Standard Access List examines only the source IP address in an IP packet to permit or deny that packet. It             

cannot match other ៯�eld in the IP packet. Standard Access List can be created using the access-list
numbers 1-99 or in the expanded range of 1300-1999. Standard Access List must be applied close to
destination. As we are ៯�ltering based only on source address, if we put the standard access-list close to the
source host or network than nothing would be forwarded from source.

      Click for Preview
R1(con៯�g)# access-list 10 deny host
R1(con៯�g)# int fa0/0 Buy VPN & ASA Firewall
R1(con៯�g-if)# ip access-group 10 in
Interview Questions and

Explain Extended Access List? Answers Pdf ­ 3 $
Extended Access List ៯�lters the network tra៝�c based on the Source IP address, Destination IP address,
Protocol Field in the Network layer, Port number ៯�eld at the Transport layer. Extended Access List ranges
from 100 to 199, In expanded range 2000-2699. Extended Access List should be placed as close to source
as possible. Since extended access list ៯�lters the tra៝�c based on speci៯�c addresses (Source IP, Destination
IP) and protocols we don’t want our tra៝�c to traverse the entire network just to be denied wasting the

R1(con៯�g)# access-list 110 deny tcp any host eq 23 Click for Preview
R1(con៯�g)# int fa0/0
R1(con៯�g-if)# ip access-group 110 in

Explain Named ACL and its advantages over Number ACL? Networker Interview
It is just another way of creating Standard and Extended ACL. In Named ACL names are given to identify
Like Page Share
It has following advantage over Number ACL - In Name ACL we can give sequence number which means
we can insert a new statement in middle of ACL. Be the first of your friends to like this

R1(con៯�g)# ip access-list extended CCNA
R1(con៯�g)# 15 permit tcp host host eq 23
R1(con៯�g)# exit­access­control­list­ 1/3

co. Ar Riyad At the end of each access list..0. R1(con៯�g)# int fa0/0 R1(con៯�g-if)# ip access-group ccna in What is Wildcard Mask? Wildcard mask is used with ACL to specify an individual and viewed "OSPF Interview Questions and Answers Access lists only ៯�lters tra៝�c that is going through the ACL Interview Questions and Answers | Networker Interview R1(con៯�g)# exit This will insert above statement at Line and viewed OSPF Interview Questions and Answers (Op. there is an implicit deny statement denying any packet for which the match mins ago arrived from google. those packets are ៯�rst processed through ACL and than from www.Using a wildcard mask "0. When an access-list is applied to outbound packets on interface.1. google. Multiple access lists are permitted per­access­control­list­ 2/3 . or a range of and viewed "OSI Model Interview Questions and http://networkerinterview. Because of this. one Interview" 3 mins ago A visitor from Singapore arrived statement at a time. A visitor from Mountain View.For /24 Subnet Mask . As soon as a match is made. those packets are ៯�rst routed to outbound interface and than processed through Any packets that are denied won’t be Andhra How Access Lists are processed? 45 secs ago Pradesh arrived from and viewed "ASA Firewall What is at the end of each Access List? Interview Questions and Answers [CCIE] | Networker Interview" 21 A visitor from Riyadh. Andhra 27 mins ago Pradesh arrived from and viewed "CCIE | Networker Access lists are processed in sequential.1.168.0.Host and viewed "BGP Interview Questions has not been found in the access access-group 10 in OUT .0 Wildcard Mask .255 How to permit or deny speci៯�c Host in ACL? 1.0 or 2. google. it indicates that octet in the address must match the corresponding reference exactly. #sh run access-list does not show number of Hit Counts. A visitor from Hyderabad. How many Access Lists can be applied to an interface on a Cisco router? We can assign only one access list per interface per protocol per direction which means that when creating Live Traffic Feed an IP access lists. the packet will be discarded. Example:. They will not ៯�lter the tra៝�c that has (Open Shortest Path First) | A visitor from Delhi arrived from Networker Interview" 30 mins ago originated from the router.. it indicates that octet need not to be Ontario Interview" 5 mins ago arrived from networkerinterview. and Answers | Networker Interview" A visitor from Vijayawada.1 Follow In which directions we can apply an Access List? 75 followers We can apply access list in two direction:- IN . evaluating packets from the top down. a network.255. California arrived from Key Information and viewed "BGP Interview Questions and Answers | Networker A visitor from India arrived from Interview" 27 mins ago Any access list applied to an interface without an access list being created will not ៯�lter tra៝�c.Using keyword "Host" Networker Interview Example:. but they must be for a di៛�erent protocol.ip access-group 10 out Di៛�erence between Inbound Access-list  and Outbound Access-list? When an access-list is applied to inbound packets on interface. Whenever a 255 is Di៛�erence between #sh access-list command and #sh run access-list command? #sh access-list shows number of Hit Counts.1 and viewed "OSPF Interview Questions and not evaluated against any more access list statements. the order of the statements within Answers [CCNP] | Networker A visitor from Ottawa.0. and the packet is from google. the permit or deny option is applied. Wildcard Mask is completely opposite to subnet mask. Whenever a zero is present.0" any access list is signi៯�cant. we can have only one inbound access list and one outbound access list per A visitor from India arrived interface.255. There is an implicit “deny” at the end of each access list which means that if a and viewed "CCNA | Networker Interview" 17 mins ago packet doesn’t match the condition on any of the lines in the access list. logical order.