Name __________________________________________________________ Date ________________
Tips for success: While answering the questions read Chapter 9, review the summary, and complete the practice Quiz.
After completion of this chapter, you should be able to:
Explain how ACLs are used to filter traffic.
Compare standard and extended IPv4 ACLs.
Explain how ACLs use wildcard masks.
Explain the guidelines for creating and placement of ACLs.
Configure standard IPv4 ACLs to filter traffic according to networking requirements.
Modify a standard IPv4 ACL using sequence numbers.
Configure a standard ACL to secure vty access.
Explain the structure of an extended access control entry (ACE).
Configure extended IPv4 ACLs to filter traffic according to networking requirements.
Explain how a router processes packets when an ACL is applied.
Troubleshoot common ACL errors using CLI commands.
Compare IPv4 and IPv6 ACL creation.
Configure IPv6 ACLs to filter traffic according to networking requirements.
1.
What is an Access List, and what are the basic tasks they perform?
2.
What do ACE’s use to filter traffic?
3.
What statement is always inserted at the end of each ACL?
4.
What do Standard ACL’s use to permit or deny traffic?
5.
What do Extended ACL’s use to permit or deny traffic?
6.
What number ranges are associated with Standard ACL’s?
7.
What number ranges are associated with Extended ACL’s?
8.
What is the purpose of the “host” key word for a wildcard mask?
9.
What is the purpose of the “any” key word for a wildcard mask?
10.
Complete Activity 9.1.3.6 – Determine the Correct Wildcard Mask
11.
Complete Activity 9.1.3.7 – Determine the Permit or Deny
12.
What are the three Ps for using ACLs?
13.
List the guidelines for ACL Best Practices:
14.
Complete Activity 9.1.4.3 – ACL Operation
15.
Where should an Extended ACL be placed?
16.
Where should a Standard ACL be place?
17.
Complete Activity 9.1.5.4 – Placing Standard and Extended ACL’s
18.
Examine the Standard ACL below and determine whether to permit or deny the following traffic:
R1(config)# access-list 1 permit host 192.168.10.10
R1(config)# access-list 1 deny 192.168.10.0 0.0.0.255
R1(config)# access-list 1 permit 192.168.10.5 0.0.0.0 a.
Host 192.168.10.10 – permit or deny b.
Host 192.168.11.1 – permit or deny c.
Host 192.168.10.5 – permit or deny d.
Host 10.10.2.3 – permit or deny
19.
What is the purpose of the “remark” key word in an ACL?
20.
Why is the order in which ACE’s are entered important?
21.
What command is used to apply an ACL to an interface? Explain the difference between “in” and “out”.
22.
Complete Activity 9.2.1.9 – Configuring Standard ACL’s
23.
Explain the two ways you can edit a numbered ACL: a.
Using a Text Editor – b.
Using the Sequence Number –
24.
What is the purpose of using the “established” parameter in an extended ACL?
25.
In an extended ACL, what command can be used to prevent the implied deny any statement from blocking all traffic?
26.
Complete Activity 9.3.2.7 – Creating an Extended ACL statement
27.
Complete Activity 9.3.2.8 – Evaluating Extended ACEs
28.
Complete Activity 9.3.2.9 – ACL Testlet
29.
Complete Activity 9.4.1.5 – How routers process ACLs
30.
Fill in the table with the common ACL troubleshooting method:
ACE is entered in the wrong order.
Unintended traffic has been denied because of the implied deny statement at the end of an ACL.
An ACE has been typed incorrectly.
The ACL is blocking inbound traffic, but it should be blocking outbound traffic.
31.
What are the two main features of the IPv6 ACLs (9.5.1.1)?
32.
What are the additional default statements used in IPv6 ACLs?