Cisco IOS access lists: 10 things you should know

10 things you need to know about Cisco IOS access lists, beginning with the basic definition of an ACL.

What is an access control list?

In the Cisco IOS, an access control list is a record that identifies and manages traffic. After identifying that traffic, an administrator can specify various events that can happen to that traffic.

What’s the most common type of ACL?

IP ACLs are the most popular type of access lists because IP is the most common type of traffic. There are two types of IP ACLs: standard and extended. Standard IP ACLs can only control traffic based on the SOURCE IP address. Extended IP ACLs are far more powerful; they can identify traffic based on source IP, source port, destination IP, and destination port.

What are the most common numbers for IP ACLs?

The most common numbers used for IP ACLs are 1 to 99 for standard lists and 100 to 199 for extended lists. However, many other ranges are also possible.

  • Standard IP ACLs: 1 to 99 and 1300 to 1999
  • Extended IP ACLs: 100 to 199 and 2000 to 2699

How can you filter traffic using ACLs?

You can use ACLs to filter traffic according to the “three P’s”—per protocol, per interface, and per direction. You can only have one ACL per protocol (e.g., IP or IPX), one ACL per interface (e.g., FastEthernet0/0), and one ACL per direction (i.e., IN or OUT).

How can an ACL help protect my network from viruses?

You can use an ACL as a packet sniffer to list packets that meet a certain requirement. For example, if there’s a virus on your network that’s sending out traffic over IRC port 194, you could create an extended ACL (such as number 101) to identify that traffic. You could then use the debug ip packet 101 detail command on your Internet-facing router to list all of the source IP addresses that are sending packets on port 194.

What’s the order of operations in an ACL?

Routers process ACLs from top to bottom. When the router evaluates traffic against the list, it starts at the beginning of the list and moves down, either permitting or denying traffic as it goes. When it has worked its way through the list, the processing stops.

That means whichever rule comes first takes precedence. If the first part of the ACL denies traffic, but a lower part of the ACL allows it, the router will still deny the traffic. Let’s look at an example:

Access-list 1 permit any
Access-list 1 deny host
Access-list 1 deny any

What does this ACL permit? The first line permits anything. Therefore, all traffic meets this requirement, so the router will permit all traffic, and processing will then stop.

What about traffic you don’t specifically address in an ACL?

At the end of an ACL is an implicit deny statement. Whether you see the statement or not, the router denies all traffic that doesn’t meet a condition in the ACL. Here’s an example:

Access-list 1 deny host
Access-list 1 deny

What traffic does this ACL permit? None: The router denies all traffic because of the implicit deny statement. In other words, the ACL really looks like this:

Access-list 1 deny host
Access-list 1 deny
Access-list 1 deny ANY
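To make the first-match rule and the implicit deny concrete, here is a small added Python model of IOS ACL evaluation; it is not code from the original article. The host and network addresses, which the article leaves blank, are constructed RFC 5737 placeholders, ACL_1 is the "permit any first" list from the order-of-operations example, ACL_1_ALT is the deny-only list above, and ACL_101 stands in for the extended list suggested for spotting IRC port 194 traffic. The shadowed() check flags every line that a leading "permit any" makes dead, which is the mistake the article warns about.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Ace:
    """One access-list entry. IOS 'any' is modelled as 0.0.0.0/0; a standard
    ACL sets only src, an extended ACL may also set dst, proto and dport."""
    action: str                  # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "ip"            # "ip" covers every IP protocol
    dport: Optional[int] = None  # destination port (extended ACLs only)

    def matches(self, pkt: dict) -> bool:
        if self.proto != "ip" and self.proto != pkt.get("proto"):
            return False
        if self.dport is not None and self.dport != pkt.get("dport"):
            return False
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst))

def evaluate(acl: list, pkt: dict) -> str:
    """Top to bottom, first match wins; no match falls to the implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"  # the invisible 'deny any' at the end of every ACL

def shadowed(acl: list) -> list:
    """Indexes of entries that can never fire because an earlier entry already
    covers everything they cover, e.g. every line after a leading 'permit any'."""
    dead = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if (earlier.proto in ("ip", later.proto)
                    and earlier.dport in (None, later.dport)
                    and ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))):
                dead.append(i)
                break
    return dead

# Host and network values are constructed placeholders; the article elides them.
ACL_1 = [Ace("permit"), Ace("deny", "192.0.2.10/32"), Ace("deny")]  # permit any first
ACL_1_ALT = [Ace("deny", "192.0.2.10/32"), Ace("deny", "192.0.2.0/24")]  # only denies
ACL_101 = [Ace("permit", proto="tcp", dport=194)]  # the extended list for IRC port 194
```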

Can I name an ACL?

Numbers—who needs numbers? You can also name your ACLs so you can more easily identify their purpose. You can name both standard and extended ACLs. Here’s an example of using a named ACL:

router(config)# ip access-list ?
  extended        Extended Access List
  log-update      Control access list log updates
  logging         Control access list logging
  resequence      Resequence Access List
  standard        Standard Access List
router(config)# ip access-list extended test 
router(config-ext-nacl)# 10 deny ip any host
router(config-ext-nacl)# exit
router(config)# exit
router# show ip access-list
Extended IP access list test
    10 deny ip any host

What’s a numbering sequence?

In the “old days,” you couldn’t edit an ACL—you could only copy it to a text editor (such as Notepad), remove it from the router, edit it in Notepad, and then re-create it. In fact, this is still a good way to edit some Cisco configurations.

However, this approach can also create a security risk. During the time you’ve removed the ACL to modify it, the router isn’t controlling traffic as needed. But it’s possible to edit a numbered ACL with commands. Here’s an example:

router(config)# access-list 75 permit host

router# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)# ip access-list standard 75 
router(config-std-nacl)# 20 permit any 
router(config-std-nacl)# no 10 permit

router# show ip access-lists 75
Standard IP access list 75
    20 permit any

How else can I use an ACL?

ACLs aren’t just for filtering traffic. You can also use them for a variety of operations. Let’s look at some of their possible other uses:

    • To control debug output: You can use the debug list X command to control debug output. By using this command before another debug command, the second command only applies to what you’ve defined in the list.
    • To control route access: You can use a routing distribute-list ACL to only permit or deny certain routes either into or out of your routing protocol.
    • As a BGP AS-path ACL: You can use regular expressions to permit or deny BGP routes.
    • For router management: You can control which workstation or network manages your router by applying an ACL to your VTY lines with an access-class statement.
    • For encryption: You can use ACLs to determine how to encrypt traffic. When encrypting traffic between two routers or a router and a firewall, you must tell the router what traffic to encrypt, what traffic to send unencrypted, and what traffic to drop.

To wrap up this review, I’ll leave you with one last tip: Don’t forget to use remark statements in your ACLs. They’ll come in handy when you have to troubleshoot something later.

Short Question CCNA Part 7

63 – What is the 64-bit MAC address called in IPv6?

EUI = Enhanced universal identifier – 16 bits are added in IPv6, so it’s called EUI

64 – What is the loopback IP in IPv6?

::1 and ping 6

65- Which command do we use for ping in IPv6?

Ping6 source IP -s Destination IP

66- How many types of router are there?

Two types

i) Modular

ii) Non-Modular

67- When do we use a router?

For communication between different networks

68- Which jobs does a router do?

1- Path selection and

2- Packet Switching {frame relay}

69 – What cable is called V.35?

Serial Connectivity cable

70- How many types of Ethernet are there?

4 types

i) Ethernet

ii) Fast Ethernet

iii) Gigabit

iv) 10 Giga.

71 – Which cable is called roll-over?

Console access cable

72- Which cable do we connect to DB-9?

Roll-over cable

73- How many ways are there to access a router?

3 ways

i) Telnet (IP)

ii) AUX (Telephone)

iii) Console (cable)

74- What is IOS?

Internet Operating system. It’s the router’s operating system.

75 – From which IOS version can 182 people access the router through telnet?

From version 12.2 onward

76- Which mode is called privilege mode?

Second mode

77- When do we use interface mode?

For specific interface commands

78- In which mode do we give the debug command?

Privilege mode / live view (2nd mode)

79- Which command do we give in privilege mode to come back to user execution mode?

80- Which mode can’t we skip when we come back from interface mode?

2nd mode we can’t skip

Copyright ©2010 - 2022 Ciscoforall.com