what is the basic rules for ACLs?
Answers were Sorted based on User's Feedback
Answer / jitendera
These basic rules should be followed when creating and
applying access lists:
One access list per protocol per direction.
Standard IP access lists should be applied closest
to the
destination.
Extended IP access lists should be applied closest
to the
source
only these two fundamental are the rules of the access-list
Is This Answer Correct ? | 4 Yes | 0 No |
Answer / jitendra
shaen u r right but it is not like that what are u telling
in the 4 point all are included in these three part.
1 One access list per protocol per direction.
2 Standard IP access lists should be applied closest
to the
destination.
3 Extended IP access lists should be applied closest
to the source
Is This Answer Correct ? | 4 Yes | 0 No |
Basic rules for ACLs are -
1. All deny statement have to be given first.
2. There should be at least one permit statement.
3. An implicit deny block all the traffic by default, when
there is no match.
4. We can configure one access-list per interface per
direction i.e. two ACL per interface. One in inbound
direction & one in outbound direction.
5. ACL works in sequential order.
6. Editing of access-list is not possible i.e. selecting,
adding or removing access-list statement is not possible.
Is This Answer Correct ? | 3 Yes | 0 No |
Answer / vikram pratap singh
These basic rules should be followed when creating and
applying access lists:
One access list per protocol per direction.
Standard IP access lists should be applied closest to the
destination.
Extended IP access lists should be applied closest to the
source.
Use the inbound or outbound interface reference as if
looking at the port from inside the router.
Statements are processed sequentially from the top of list
to the bottom until a match is found, if no match is found
then the packet is denied.
There is an implicit deny at the end of all access lists.
This will not appear in the configuration listing.
Access list entries should filter in the order from
specific to general. Specific hosts should be denied first,
and groups or general filters should come last.
Never work with an access list that is actively applied.
New lines are always added to the end of the access list.
A no access-list x command will remove the whole list. It
is not possible to selectively add and remove lines with
numbered ACLs.
Outbound filters do not affect traffic originating from the
local router.
There are many show commands that will verify the content
and placement of ACLs on the router.
The show ip interface command displays IP interface
information and indicates whether any ACLs are set.
The show access-lists command displays the contents of all
ACLs on the router.
show access-list 1 shows just access-list 1.
The show running-config command will also reveal the access
lists on a router and the interface assignment information.
Is This Answer Correct ? | 2 Yes | 0 No |
In how many ways can data be transferred in ccna?
Which feature should a routing protocol have to support vlsm?
how to troubleshoot when protocols is down and link is not getting up
Which of the following describe full-duplex transmission? A.) Uses a single wire B.) Data transmission in both directions, but only one way at a time C.) Uses a point-to-point connection from the transmitter of the transmitting station to the receiver of the receiving station D.) Data transmission in only one direction
Hi Jitendera, I need ur suggestion. I completed my CCNA certification & also hving some sort of real time experience. Now i m planning to do CCNP. Little bit confusion is that whether it wud be better for me to go for CCNP ya CCNA (Security). As off my goal is to reach CCIE (Security & Switching/Routing). So tell me some solution of my confusion yaar..!!! Thanx & Regards Shahin..
What is the syntax to use to configure the port on a Catalyst 5000 switch? A.) slot port/type B.) type slot/port C.) port slot/type D.) port type/slot
Identify the 3 pieces of hardware you would not install to prevent broadcasts? A.) Switch B.) Repeater C.) Bridge D.) Router
Which OSI Reference Layer is concerned with path determination? A.) Datalink B.) Physical C.) Network D.) Transport E.) Session
A user device that connects to a DCE must be which of the following? A.) DTE B.) CPE C.) Demarc D.) DCE E.) CO
In which layer switch is work?
Hi, If we create more Gateway from one our Router Interface Gateway (Example: by set up a ISA server etc) will it effect on our bandwidth to be low? please help me
Identify 3 characteristics of IP RIP? A.) Distance vector B.) Administrative distance is 120 C.) Periodic updates every 60 seconds D.) Uses a composite metric E.) Can load balance