
5/28/2017 ACL Interview Questions and Answers | Networker Interview


ACL Interview Questions and Answers

What is ACL?
Access Control List is a packet filtering method that filters the IP packets based on source and destination
address. It is a set of rules and conditions that permit or deny IP packets to exercise control over network
traffic.

What are different Types of ACL?

There are two main types of Access lists:-
1. Standard Access List.
2. Extended Access List.

Explain Standard Access List?


Standard Access List examines only the source IP address in an IP packet to permit or deny that packet. It
cannot match any other field in the IP packet. Standard Access List can be created using the access-list
numbers 1-99 or in the expanded range of 1300-1999. Standard Access List must be applied close to
destination. As we are filtering based only on source address, if we put the standard access-list close to the
source host or network then nothing would be forwarded from source.

Example:-
R1(config)# access-list 10 deny host 192.168.1.1
R1(config)# int fa0/0
R1(config-if)# ip access-group 10 in

Explain Extended Access List?

Extended Access List filters the network traffic based on the Source IP address, Destination IP address,
Protocol field in the Network layer, and Port number field at the Transport layer. Extended Access List ranges
from 100 to 199, and 2000-2699 in the expanded range. Extended Access List should be placed as close to source
as possible. Since an extended access list filters the traffic based on specific addresses (Source IP, Destination
IP) and protocols, we don't want our traffic to traverse the entire network just to be denied, wasting the
bandwidth.

Example:-
R1(config)# access-list 110 deny tcp any host 192.168.1.1 eq 23
R1(config)# int fa0/0
R1(config-if)# ip access-group 110 in

Explain Named ACL and its advantages over Number ACL?

It is just another way of creating Standard and Extended ACL. In Named ACL, names are given to identify
the access-list.
It has the following advantage over Number ACL: in a Named ACL we can give sequence numbers, which means
we can insert a new statement in the middle of the ACL.

Example:-
R1(config)# ip access-list extended CCNA
R1(config-ext-nacl)# 15 permit tcp host 10.1.1.1 host 20.1.1.1 eq 23
R1(config-ext-nacl)# exit
This will insert above statement at Line 15.
R1(config)# int fa0/0
R1(config-if)# ip access-group CCNA in

What is Wildcard Mask?


Wildcard mask is used with ACL to specify an individual host, a network, or a range of networks. Whenever
a zero is present, it indicates that the octet in the address must match the corresponding reference exactly.
Whenever a 255 is present, it indicates that the octet need not be evaluated.
Wildcard Mask is the exact opposite of the subnet mask.
Example:- For /24
Subnet Mask - 255.255.255.0
Wildcard Mask - 0.0.0.255

How to permit or deny specific Host in ACL?

1. Using a wildcard mask "0.0.0.0"
Example:- 192.168.1.1 0.0.0.0 or
2. Using keyword "Host"
Example:- Host 192.168.1.1

In which directions we can apply an Access List?

We can apply access list in two directions:-


IN - ip access-group 10 in
OUT - ip access-group 10 out

Difference between Inbound Access-list and Outbound Access-list?

When an access-list is applied to inbound packets on an interface, those packets are first processed through
the ACL and then routed. Any packets that are denied won't be routed. When an access-list is applied to
outbound packets on an interface, those packets are first routed to the outbound interface and then processed
through the ACL.

Difference between #sh access-list command and #sh run access-list command?
#sh access-list shows number of Hit Counts.
#sh run access-list does not show number of Hit Counts.

How many Access Lists can be applied to an interface on a Cisco router?


We can assign only one access list per interface per protocol per direction, which means that when creating
IP access lists, we can have only one inbound access list and one outbound access list per
interface. Multiple access lists are permitted per interface, but they must be for a different protocol.

How Access Lists are processed?

Access lists are processed in sequential, logical order, evaluating packets from the top down, one
statement at a time. As soon as a match is made, the permit or deny option is applied, and the packet is
not evaluated against any more access list statements. Because of this, the order of the statements within
any access list is significant. There is an implicit deny at the end of each access list, which means that if a
packet doesn't match the condition on any of the lines in the access list, the packet will be discarded.

What is at the end of each Access List?

At the end of each access list, there is an implicit deny statement denying any packet for which the match
has not been found in the access list.

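Added example (not part of the original page): a small Python model of the wildcard matching, top-down first-match processing and implicit deny described above, run against the page's access-list 10. It generalizes the octet rule to the bit-by-bit comparison wildcard masks use; the "permit any" line and the shadowed rule set are assumptions constructed for illustration.

```python
import ipaddress

def ip(s):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, ref, wildcard):
    """True when addr equals ref on every bit where the wildcard bit is 0."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(ref) & care)

def evaluate(acl, src):
    """Top-down, first match wins. Returns (action, matching line number or None)."""
    for line_no, (action, ref, wildcard) in enumerate(acl, start=1):
        if wildcard_match(src, ref, wildcard):
            return action, line_no
    return "deny", None  # implicit deny: no statement matched

# Constructed rule sets; each entry is (action, source, wildcard mask).
ACL_10 = [("deny", "192.168.1.1", "0.0.0.0")]            # access-list 10 from the page
ACL_10_PERMIT_ANY = ACL_10 + [("permit", "0.0.0.0", "255.255.255.255")]  # assumed extra line
ACL_SHADOWED = [("permit", "192.168.1.0", "0.0.0.255"),  # assumed: broad permit first...
                ("deny", "192.168.1.1", "0.0.0.0")]      # ...so this deny is never reached

if __name__ == "__main__":
    for name, acl in [("ACL_10", ACL_10), ("ACL_10_PERMIT_ANY", ACL_10_PERMIT_ANY),
                      ("ACL_SHADOWED", ACL_SHADOWED)]:
        for src in ("192.168.1.1", "192.168.1.2", "10.0.0.5"):
            print(name, src, evaluate(acl, src))
```

With only the single deny line, every other source is also dropped by the implicit deny; traffic from other hosts passes only once a permit statement follows it.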

Key Information

Any access list applied to an interface without an access list being created will not filter traffic.
Access lists only filter traffic that is going through the router. They will not filter the traffic that has
originated from the router.

http://networkerinterview.net/entries/acl/aclaccesscontrollist