What are the basic rules for ACLs?


Answer / jitendera

These basic rules should be followed when creating and applying access lists:

One access list per protocol per direction.
Standard IP access lists should be applied closest to the destination.
Extended IP access lists should be applied closest to the source.

Only these two fundamentals are the rules of the access list.

Is This Answer Correct ?    4 Yes 0 No


Answer / jitendra

Shahin, you are right, but it is not like that; what you are telling in the 4 points is all included in these three parts.

1. One access list per protocol per direction.
2. Standard IP access lists should be applied closest to the destination.
3. Extended IP access lists should be applied closest to the source.

Is This Answer Correct ?    4 Yes 0 No


Answer / shahin

Basic rules for ACLs are:

1. All deny statements have to be given first.

2. There should be at least one permit statement.

3. An implicit deny blocks all the traffic by default when there is no match.

4. We can configure one access list per interface per direction, i.e. two ACLs per interface: one in the inbound direction and one in the outbound direction.

5. An ACL works in sequential order.

6. Editing of an access list is not possible, i.e. selecting, adding or removing access-list statements is not possible.

Is This Answer Correct ?    3 Yes 0 No


Answer / vikram pratap singh

These basic rules should be followed when creating and applying access lists:

One access list per protocol per direction.
Standard IP access lists should be applied closest to the destination.
Extended IP access lists should be applied closest to the source.
Use the inbound or outbound interface reference as if looking at the port from inside the router.
Statements are processed sequentially from the top of the list to the bottom until a match is found; if no match is found, then the packet is denied.
There is an implicit deny at the end of all access lists. This will not appear in the configuration listing.
Access list entries should filter in the order from specific to general. Specific hosts should be denied first, and groups or general filters should come last.
Never work with an access list that is actively applied.
New lines are always added to the end of the access list.
A no access-list x command will remove the whole list. It is not possible to selectively add and remove lines with numbered ACLs.
Outbound filters do not affect traffic originating from the local router.

There are many show commands that will verify the content and placement of ACLs on the router.

The show ip interface command displays IP interface information and indicates whether any ACLs are set.

The show access-lists command displays the contents of all ACLs on the router.

show access-list 1 shows just access-list 1.

The show running-config command will also reveal the access lists on a router and the interface assignment information.

Is This Answer Correct ?    2 Yes 0 No
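An added example, not part of any answer above: a small Python model of the sequential first-match processing, implicit deny and specific-to-general ordering described in the answers, with a check for entries that can never match because an earlier, more general entry covers them. The ACL number, addresses and function names are constructed for illustration, and the parser assumes only numbered standard ACL lines of the form `access-list N permit|deny any | host A | A [wildcard]`.

```python
import ipaddress

# Constructed sample (not from the page): specific host deny, then general permit.
GOOD_ACL = """\
access-list 10 deny host 192.168.1.5
access-list 10 permit 192.168.1.0 0.0.0.255
"""
# Same entries, general before specific: the host deny can never match.
BAD_ACL = """\
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny host 192.168.1.5
"""
MASK = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse(text):
    """Return [(action, base, wildcard)] for numbered standard ACL lines."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        action, src = tok[2], tok[3:]
        if src[0] == "any":
            base, wild = 0, MASK
        elif src[0] == "host":
            base, wild = to_int(src[1]), 0
        else:  # address with optional wildcard mask (none means a single host)
            base, wild = to_int(src[0]), (to_int(src[1]) if len(src) > 1 else 0)
        entries.append((action, base, wild))
    return entries

def evaluate(entries, source_ip):
    """First match wins; no match falls through to the implicit deny."""
    ip = to_int(source_ip)
    for action, base, wild in entries:
        # Wildcard bits set to 1 are ignored; all other bits must be equal.
        if ((ip ^ base) & ~wild & MASK) == 0:
            return action
    return "deny"  # implicit deny, never shown in the configuration listing

def shadowed(entries):
    """Indexes of entries fully covered by an earlier entry (unreachable)."""
    # An earlier entry (eb, ew) covers (b, w) when it ignores every bit the
    # later one ignores and the two agree on every bit the earlier one checks.
    return [i for i, (_, b, w) in enumerate(entries)
            if any(((w & ~ew) & MASK) == 0 and ((b ^ eb) & ~ew & MASK) == 0
                   for _, eb, ew in entries[:i])]
```

Running `shadowed()` over a list before applying it flags ordering mistakes that the router will accept without complaint.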
