21 Cards in this Set
- Front
- Back
What fields can a standard ACL match?
|
Only the source IP address
|
|
What fields can an extended ACL match?
|
Source IP
Destination IP
Source Port
Destination Port
Protocol
IP TOS
IP precedence
All TCP flows except first |
|
CLI command to create or add to a standard access list
|
#access-list <number> {deny|permit} <source ip> <wildcard mask>
|
|
Where should standard ACLs be placed?
|
As close to the destination as possible.
|
|
CLI command to apply an access list to an interface
|
#ip access-group <number> { in | out }
|
|
CLI command to add comments to an access list
|
#access-list <number> remark <comment>
|
|
CLI command to create or add to an extended ACL
|
#access-list <number> {deny|permit} <protocol> <source ip> <wildcard> [operator port] <dest ip> <wildcard> [operator port] [established] [log]
|
|
Range of numbers for a standard ACL
|
1 to 99
1300 to 1399 |
|
Range of numbers for an extended ACL
|
100 to 199
2000 to 2699 |
|
What are the five port operators for an ACL?
|
eq
neq
lt
gt
range |
|
Where should extended ACLs be placed?
|
As close to the source as possible
|
|
CLI command to create a named ACL
|
#ip access-list {extended|standard} <name>
|
|
CLI command to apply an access list to the VTY line
|
#line vty 0 4
access-class <number|name> in |
|
Where should more specific statements be placed in an ACL?
|
early in the ACL
more general later |
|
What is a reflexive ACL?
|
Also called IP session filtering. Only allows outside traffic to come in if an inside user has already established a connection to the outside source.
|
|
What is a dynamic ACL?
|
Also called Lock and Key Security. An individual (outside) first authenticates to the router; the router then adds an ACL allowing that person to access some other host on the network.
|
|
CLI command to show details of configured access lists for all protocols
|
#show access-lists [<number>|<name>]
|
|
CLI command to show all access lists enabled on an interface
|
#show ip interface [<interface>]
|
|
What does ICMP type=8 represent?
|
Echo message
|
|
How do you delete a line from an ACL?
|
1. ACL configuration mode: #ip access-list {standard|extended} {name|number}
#no <line number>
2. Delete the entire ACL, then retype the desired lines |
|
What happens to ACL 101 if you issue the global command: no access-list 101 permit tcp any any eq 80?
|
The entire ACL is deleted (not just the matching line)
|