ICND1 Section 6 - IP Services - ACLs Flashcards Preview


Flashcards in ICND1 Section 6 - IP Services - ACLs Deck (43)
1

What are the ranges for standard ACLs?

1-99
1300-1999

2

Syntax for an extended numbered ACL

access-list access-list-number {deny | permit} *protocol* *source IP* *wildcard mask* *destination IP* *wildcard mask* [log]

3

3 primary differences that named ACLs have vs numbered

1. Names instead of numbers
2. Uses ACL subcommands vs global commands to define the ACL
3. ACL editing allows users to edit, delete, and add individual lines

4

Command to delete a line from a numbered ACL with sequence numbers.

conf t
ip access-list {standard | extended} *number*
no *seq number*

5

Syntax to assign an ACL to a vty

access-class *number* {in | out}

6

Command to set a router to use an NTP server

conf t
ntp server *server* {version *version*}

7

2 commands to see how NTP is working on a router

show ntp status
show ntp associations

8

What does "inside local" refer to?

Private IPs used in NAT

9

What does "inside global" refer to?

Public IPs used in NAT

10

3 steps to configure a router to do static NAT

1. Set up an interface as inside local
2. Set up an interface as inside global
3. Create a mapping between inside and outside IPs

11

Command to make an inside NAT interface

conf t
int gi0/0
ip nat inside

12

Command to make an outside NAT interface

conf t
int gi0/1
ip nat outside

13

TCP version of an extended ACL

access-list access-list-number {deny | permit} tcp *source* *source-wildcard* [operator [port]] *destination* *destination-wildcard* [operator [port]] [log]

14

Command to create a static NAT mapping

ip nat inside source static *inside local* *inside global*

15

Command to see static NAT mappings

show ip nat translations

16

5 steps to configuring dynamic NAT

1. Set an interface to inside
2. Set an interface to outside
3. Create an ACL for the inside interface that identifies the packets for which NAT should be performed
4. Create a pool of global IPs for use in NAT
5. Bind the ACL and the pool together, enabling dynamic NAT

17

Command to create an IP address pool for use with NAT

ip nat pool *name* *first IP* *last IP* netmask *subnet mask*

18

Command to bind pool and ACL together to enable dynamic NAT

ip nat inside source list *ACL #* pool *pool name*

19

Command to clear the NAT translation table

clear ip nat translation *

20

2 variations to enable PAT

ip nat inside source list *ACL #* interface *interface* overload
ip nat inside source list *ACL #* pool *pool name* overload

21

If an ACL omits the wildcard mask, what is the implied mask?

0.0.0.0

22

What are the ranges for extended ACLs?

100 - 199
2000 - 2699

23

Syntax for a standard numbered ACL

access-list {1-99 | 1300-1999} {permit | deny} [*subnet* *wildcard mask* | any ]

24

Operational command to see:
-IPv4 ACLs
-All ACLs

show ip access-lists

show access-list

25

Command to see access list application status on an interface

show ip interface *interface*

26

Keyword to add to an ACL to help keep track of its activity

log

27

Keyword to run an operational command from inside of config mode

do

28

What are the 3 types of ACLs?

Standard
Extended
Named

29

Are named ACLs standard or extended?

Either, depends on how they are configured

30

What is the difference between standard and extended ACLs?

Standard ACLs filter on source address
Extended ACLs filter on:
Source and Dest IP
Source and Dest Port
Other criteria