17 Cards in this Set

  • Front
  • Back
Access-class
Places an access list on the VTY lines of a device
Access-group
Places an access list on a device’s physical interface
ACL
Access Control lists filter network traffic by controlling whether routed packets are forwarded or blocked at the router's interfaces. Your router examines each packet to determine whether to forward or drop the packet, on the basis of the criteria you specified within the access lists
Denial of service
A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have.
Deny

?

Extended ACL?
An extended ACL gives you much more power than just a standard ACL. Extended IP ACLs check both the source and destination packet addresses. They can also check for specific protocols, port numbers, and other parameters, which allow administrators more flexibility and control. Place close to source.
How do you apply ACLs?
access-class 50 in
How to create an ACL.
access-list 50 permit host 172.16.10.3
ICMP
Internet Control Message Protocol: Documented in RFC 792, it is a Network layer Internet protocol for the purpose of reporting errors and providing information pertinent to IP packet procedures.
Named ACL?
Used in both standard and extended lists to help with administration of access lists by allowing you to name the lists instead of using numbers. This also allows you to change a single line of an access list, which isn’t possible in regular, numbered access lists.
Standard ACL?
A standard IP ACL is simple; it filters based on source address only. You can filter a source network or a source host, but you cannot filter based on the destination of a packet, the particular protocol being used such as the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), or on the port number. You can permit or deny only source traffic. Place close to destination.
What are some limitations to ACLs?
• You cannot apply more than one IP ACL and one MAC ACL in each direction on an interface.
• A MAC ACL applies only to Layer 2 packets.
• VLAN ACLs are not supported.
• IP fragments are not supported in ACL rules.
• Non-initial fragments are not subject to ACL lookup.
• The established option to specify TCP flags is not supported.
• You cannot have two not-equal-to (neq) operators in the same rule.
• ACL is not supported in port channels.

What is the most common error with ACLs?
Forget to permit connections after setting up the denied connections since there’s an implicit “Deny Any Any” at the end of each ACL
Why use access lists?
Security and control of the network
Why use IP to control ACL traffic?

?

Why use TCP or UDP to control ACL traffic?

?

Wildcard Masks?
Wildcards are used with access lists to specify an individual host, a network, or a certain range of a network or networks