
5/28/2017 ACL Interview Questions and Answers | Networker Interview

Networker Interview
Prepare for CCNA, CCNP, CCIE Interview !


ACL Interview Questions and Answers
What is ACL?
Access Control List is a packet filtering method that filters the IP packets based on source and destination
address. It is a set of rules and conditions that permit or deny IP packets to exercise control over network
traffic.

What are different Types of ACL?
There are two main types of Access lists:-
1. Standard Access List.
2. Extended Access List.

Explain Standard Access List?
Standard Access List examines only the source IP address in an IP packet to permit or deny that packet. It
cannot match any other field in the IP packet. Standard Access List can be created using the access-list
numbers 1-99 or in the expanded range of 1300-1999. Standard Access List must be applied close to
destination. As we are filtering based only on source address, if we put the standard access-list close to the
source host or network then nothing would be forwarded from source.

Example:-
R1(config)# access-list 10 deny host 192.168.1.1
R1(config)# int fa0/0
R1(config-if)# ip access-group 10 in

Explain Extended Access List?
Extended Access List filters the network traffic based on the Source IP address, Destination IP address,
Protocol field in the Network layer, and Port number field at the Transport layer. Extended Access List ranges
from 100 to 199, and 2000-2699 in the expanded range. Extended Access List should be placed as close to source
as possible. Since an extended access list filters the traffic based on specific addresses (Source IP, Destination
IP) and protocols, we don't want our traffic to traverse the entire network just to be denied, wasting
bandwidth.

Example:-
R1(config)# access-list 110 deny tcp any host 192.168.1.1 eq 23
R1(config)# int fa0/0
R1(config-if)# ip access-group 110 in

Explain Named ACL and its advantages over Number ACL?
It is just another way of creating Standard and Extended ACL. In Named ACL, names are given to identify
the access-list.
It has the following advantage over Number ACL: in Named ACL we can give sequence numbers, which means
we can insert a new statement in the middle of an ACL.

Example:-
R1(config)# ip access-list extended CCNA
R1(config-ext-nacl)# 15 permit tcp host 10.1.1.1 host 20.1.1.1 eq 23
R1(config-ext-nacl)# exit
This will insert the above statement at line 15.
R1(config)# int fa0/0
R1(config-if)# ip access-group CCNA in

What is Wildcard Mask?
Wildcard mask is used with ACL to specify an individual host, a network, or a range of networks. Whenever a zero is present, it indicates that octet in the address must match the corresponding reference exactly. Whenever a 255 is present, it indicates that octet need not be evaluated. Wildcard Mask is completely opposite to subnet mask.
Example:- For /24
Subnet Mask - 255.255.255.0
Wildcard Mask - 0.0.0.255

How to permit or deny specific Host in ACL?
1. Using a wildcard mask "0.0.0.0"
Example:- 192.168.1.1 0.0.0.0
or
2. Using keyword "Host"
Example:- Host 192.168.1.1

In which directions we can apply an Access List?
We can apply access list in two directions:-
IN - ip access-group 10 in
OUT - ip access-group 10 out

Difference between Inbound Access-list and Outbound Access-list?
When an access-list is applied to inbound packets on an interface, those packets are first processed through the ACL and then routed. Any packets that are denied won't be routed.
When an access-list is applied to outbound packets on an interface, those packets are first routed to the outbound interface and then processed through the ACL.

Difference between #sh access-list command and #sh run access-list command?
#sh access-list shows number of Hit Counts. #sh run access-list does not show number of Hit Counts.

How many Access Lists can be applied to an interface on a Cisco router?
We can assign only one access list per interface per protocol per direction, which means that when creating IP access lists, we can have only one inbound access list and one outbound access list per interface. Multiple access lists are permitted per interface, but they must be for a different protocol.

How Access Lists are processed?
Access lists are processed in sequential, logical order, evaluating packets from the top down, one statement at a time. As soon as a match is made, the permit or deny option is applied, and the packet is not evaluated against any more access list statements. Because of this, the order of the statements within any access list is significant.

What is at the end of each Access List?
At the end of each access list, there is an implicit deny statement denying any packet for which the match has not been found in the access list.

Key Information
Any access list applied to an interface without an access list being created will not filter traffic.
Access lists only filter traffic that is going through the router. They will not filter the traffic that has originated from the router.
There is an implicit "deny" at the end of each access list, which means that if a packet doesn't match the condition on any of the lines in the access list, the packet will be discarded.
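
The wildcard matching, top-down first-match processing and implicit deny described above can be checked with a small evaluator for standard ACLs. This is an added example, not code from the original page or from Cisco; the function names are hypothetical, ACL 10 is the page's own statement, and ACLs 20 and 30 are constructed to show why statement order matters.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, reference, wildcard):
    """True when addr equals reference on every bit where the wildcard bit is 0."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF  # 0 bits in the wildcard must match
    return (ip_int(addr) & care) == (ip_int(reference) & care)

def parse_source(tokens):
    """Turn 'host A', 'any' or 'A W' into a (reference, wildcard) pair."""
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0"
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255"
    return tokens[0], tokens[1] if len(tokens) > 1 else "0.0.0.0"

def parse_acl(lines):
    """Parse standard ACL statements: access-list N permit|deny <source>."""
    rules = []
    for line in lines:
        tokens = line.split()
        rules.append((tokens[2], *parse_source(tokens[3:])))
    return rules

def evaluate(rules, src):
    """First match wins; index None means the implicit deny was reached."""
    for index, (action, reference, wildcard) in enumerate(rules):
        if wildcard_match(src, reference, wildcard):
            return action, index
    return "deny", None

# ACL 10 is the page's standard ACL example; ACL 20 and 30 are constructed.
PAGE_ACL = ["access-list 10 deny host 192.168.1.1"]
ORDERED = ["access-list 20 deny host 192.168.1.1",
           "access-list 20 permit 192.168.1.0 0.0.0.255"]
REVERSED = ["access-list 30 permit 192.168.1.0 0.0.0.255",
            "access-list 30 deny host 192.168.1.1"]

if __name__ == "__main__":
    for name, acl in (("10", PAGE_ACL), ("20", ORDERED), ("30", REVERSED)):
        rules = parse_acl(acl)
        for src in ("192.168.1.1", "192.168.1.77", "10.0.0.5"):
            print(name, src, evaluate(rules, src))
```

With ACL 10 alone, every source other than 192.168.1.1 falls through to the implicit deny, so a permit statement must follow if only that host is meant to be blocked. In ACL 30 the broader permit matches first and the deny for the host is never reached.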