Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Certifications >> Cisco Certifications >> CCNA
  2. Suggest New Category

what is the basic rules for ACLs?

Question Posted / vikram pratap singh

Answer Posted / vikram pratap singh

These basic rules should be followed when creating and
applying access lists:

One access list per protocol per direction.
Standard IP access lists should be applied closest to the
destination.
Extended IP access lists should be applied closest to the
source.
Use the inbound or outbound interface reference as if
looking at the port from inside the router.
Statements are processed sequentially from the top of list
to the bottom until a match is found, if no match is found
then the packet is denied.
There is an implicit deny at the end of all access lists.
This will not appear in the configuration listing.
Access list entries should filter in the order from
specific to general. Specific hosts should be denied first,
and groups or general filters should come last.
Never work with an access list that is actively applied.
New lines are always added to the end of the access list.
A no access-list x command will remove the whole list. It
is not possible to selectively add and remove lines with
numbered ACLs.
Outbound filters do not affect traffic originating from the
local router.
There are many show commands that will verify the content
and placement of ACLs on the router.

The show ip interface command displays IP interface
information and indicates whether any ACLs are set.

The show access-lists command displays the contents of all
ACLs on the router.

show access-list 1 shows just access-list 1.

The show running-config command will also reveal the access
lists on a router and the interface assignment information.

Is This Answer Correct ?    2 Yes 0 No



Post New Answer       View All Answers


Please Help Members By Posting Answers For Below Questions

What route entry will be assigned to dead or invalid route in case of RIP?

1627

Which command we give for see routing table?

1214

Can you explain static and dynamic tunnels?

1971

Explain what is overlaod?

1101

Value in which type of access list?

1217

Which reserve port number talent use?

1165

In how many ways can data be transferred in ccna?

1843

Mention what does the clock rate do?

1269

in stead of 0.0.0.0 wild card mask what u can write after ip?

1065

Mention what is dhcp?

1166

What is the difference between hub, switch, and router?

1350

What is the draw back of eigrp protocol?

1245

What is window in networking terms?

1358

Given the configuration example: interface ethernet0 ipx network 4a ipx access-group 800 out interface ethernet1 ipx network 3d interface ethernet2 ipx network tc access-list 800 permit 3d 4a Which action result from implementing this configuration? a-Traffic from network 3d for network 4a will be forwarded out e0 b-IPX network 5c will not receive any traffic c-Traffic from network 3d, destined for network 4a, will be forwarded out e2 d-Traffic from network 3d for network 3d will be forwarded out e0

2639

What is formula of hold down time of eigrp protocol?

1267