Scribd Logo
Hochladen

Willkommen bei Scribd!

  • CCNA4CH5SG

    Hochgeladen von

    Austin Livengood
    397 Ansichten4 Seiten
    Developed by General Dynamics CCNA 4E Chapter 5 Access Control List V 4. What numbers define a Standard IP ACL? What numbers define an extended ip ACL?

    Originalbeschreibung:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Verfügbare Formate

    DOC, PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    Developed by General Dynamics CCNA 4E Chapter 5 Access Control List V 4. What numbers define a Standard IP ACL? What numbers define an extended ip ACL?

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als DOC, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    397 Ansichten4 Seiten

    CCNA4CH5SG

    Hochgeladen von

    Austin Livengood
    Developed by General Dynamics CCNA 4E Chapter 5 Access Control List V 4. What numbers define a Standard IP ACL? What numbers define an extended ip ACL?

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als DOC, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 4

    CCNA 4E Chapter 5 Access Control List V 4.

    0 March 2008
    How are the lines of an Access Control List evaluated? Using the following diagram, create a standard TCP/UDP source port TCP/UDP destination port access-list 2 deny host 192.5.5.0 access-list 2 permit 192.5.5.0 0.0.0.255 access-list 2 deny 192.5.5.0 0.0.255.255 access-list 2 permit 192.0.0.0 0.255.255.255 int fa0/0 access-group 50 out

    ACL that will deny traffic from 210.93.105.4 to the 192.5.5.0 network but will allow traffic from all other hosts:

    In the wildcard mask of an Access Control List, the 0 means what? The 1 means what? In an Access Control List, the wildcard mask of 255.255.255.255 can be substituted using what word? What information does the command show access list display? Create an Extended ACL to prevent host 210.93.105.50 from accessing an FTP server located at 192.5.5.148

    The zero means: do not search this octet The one means: search this octet Search all All ACLs created or all networks permitted and allowed access-list 105 deny tcp host 210.93.105.50 host 192.5.5.148 access-list 105 permit ip any any ip access-group 105 in

    What are the four parameters that a Standard or Extended ACL (Named or Numbered) can use to filter data traffic?

    Numbered: (1 to 99) and (1300 to 1999): Standard IP ACL (100 to 199) and (2000 to 2699): Extended IP ACL Named: Names can contain alphanumeric characters. It is suggested that the name be written in CAPITAL LETTERS. Names cannot contain spaces or punctuation and must begin with a letter. You can add or delete entries within the ACL.

    Developed by General Dynamics

    CCNA 4E Chapter 5 Access Control List V 4.0 March 2008


    What numbers define a Standard IP ACL? What numbers define an Extended IP ACL? IPX? Why use Access Control Lists? Standard: numbers 600 to 699 are used by AppleTalk, Extended: numbers 800 to 899 are used by IPX. ACLs provide a powerful way to control traffic into and out of your network. You can configure ACLs for all routed network protocols. Ignore all Locate extended ACLs as close as possible to the source of the traffic denied. This way, undesirable traffic is filtered without crossing the network infrastructure.

    In an Access Control List, the wildcard mask of 0.0.0.0 can be substituted using what word? What is the rule concerning the number of ACL control list that can be placed on a port for each of the routing protocols?

    Which of the following commands would be used to correctly configure a standard ACL? A. Router# access-list 10 permit any B. Router# access-list 10 permit host any C. Router(config)# access-list 10 permit any D. Router(config)# access-list 10 permit any any E. Router(config-access-list)# access-list 10 permit any Assuming it is correctly applied on the proper interface, what affect will the following ACL have on network traffic? access-list 142 deny tcp 172.16.0.0 0.0.255.255 any eq 80 access-list 142 permit ip any any Describe how the wildcard mask of 0.0.0.15 will affect network traffic: As an ACL is evaluated, what happens when a parameter on the list matches an input? How would you remove an ACL? - Standard - Extended - Named Under what circumstance would the creation of an ACL have immediate affect on the network? access-list 199 deny tcp host 192.168.43.6 any eq 23 Assuming the access list is correctly applied to an interface, what effect will this ACL have on network traffic? What is a firewall router and how are Access Developed by General Dynamics 2

    Because standard ACLs do not specify destination addresses, place them as close to the destination as possible. C would be correct

    All 172.16.0.0 but deny all others

    It will stop searching at the fourth octet when, 15 matches. It is permitted Same as adding it Just a bit different

    When there is a new set up within the network that is in the deny range Deny all 192.168.43.6 but allow all others, but forgot permit ip any any

    A firewall router denies everything outside of

    CCNA 4E Chapter 5 Access Control List V 4.0 March 2008


    Control List used on them? What ACL related information does the command show ip interface display? What are three advantages of using named access lists? the Lan but allows all inside. They are used to apply the firewall router. It shows all ip routes that are active. The name can be meaningful and indicative of the lists purpose. This is particularly important for documentation and maintenance purposes. This can also benefit anyone having to support the ACLs later. You can selectively delete specific lines within a named access list, something that cant be done with numbered lists. This gets around the limitation on the quantity of numbered ACLs, although this is less of an issue than before the additional numbers added with v12.1.

    If there are no matches to the parameters define in an ACL, what happens? What is the default last command in Access Control List on Cisco devices that is not visible? Select the commands that will apply the ACL in the diagram to filter traffic going to the 192.168.2.0 network:

    Garbage Access-list any any A,B,C

    If you own both routers: - If you own Router 1: - If you own Router 2: Extended ACLs are placed/deployed where? Create a Named Extended Access List to prevent host 210.93.105.50 from accessing an FTP server located at 192.5.5.148

    On the serial ports This will block the access-list from the the ip address 192.5.5.148. But by placing the last few lines in the route will place where this will be blocked. access-list 111 deny tcp 204.204.7.89 0.0.0.0 196.6.13.254 0.0.0.0 eq 21(ftp) access-list 111 permit tcp any any interface fa0/0

    Developed by General Dynamics

    CCNA 4E Chapter 5 Access Control List V 4.0 March 2008


    ip access-group 111 in

    Name and describe the three types of Complex Access Control List:

    Dynamic ACLs: Users that want to traverse the router are blocked until they use Telnet to connect to the router and are authenticated Reflexive ACLs: Allows outbound traffic and limits inbound traffic in response to sessions that originate inside the router Time-based ACLs: Allows for access control based on the time of day and week Command: clock set HH:MM:SS DAY MONTH YEAR Command: show clock

    ?.?.?.?

    What is the command syntax to set the time and date on a Cisco router? What command would be used to show the current time and date settings?

    Developed by General Dynamics

    Das könnte Ihnen auch gefallen