Lecture 13: Access-List Control

Question 1

What is ACL?

Answer 1

ACL(Access-List Control) is a the set of rules that filters the packet that enters/exits router.

Question 2

Explain the purpose of Inbound ACLs.

Answer 2

To filter packets before the routing table is checked and a forwarding decision is made

Question 3

Explain the purpose of Outbound ACLs.

Answer 3

To filter packets after the routing table is checked.

Question 4

What is a Wildcard Mask in ACLs?

Answer 4

A mechanism to specify an IP address or a range of IP addresses for filtering. ‘0’ in the mask means match the corresponding bit, and ‘1’ means ignore.

Question 5

How do you filter an entire network using a wildcard mask?

Answer 5

Use the formula: Full mask - subnet mask. For example, 255.255.255.255 - 255.255.255.0 = 0.0.0.255

Question 6

How do you filter a single host using a wildcard mask?

Answer 6

Use 0.0.0.0 or the keyword “host”.

Question 7

What does the wildcard mask 255.255.255.255 represent?

Answer 7

It filters all other networks and can be represented by the keyword “any”.

Question 8

Describe the components of an ACL rule.

Answer 8

Includes an ACL number, rule ID, action (permit/deny), and matching option (e.g., source IP address).

Question 9

What is the default step increment for Rule IDs in ACLs?

Answer 9

5

Question 10

Explain the ACL matching mechanism.

Answer 10

ACLs are processed from top to bottom. The first match determines the action (permit or deny). If no rule is matched, an implicit deny is applied.

Question 11

How many ACLs can be applied to one interface?

Answer 11

A maximum of 4 ACLs.

Question 12

What is an Implicit Deny?

Answer 12

A default deny statement at the end of every ACL.

Question 13

What is the number range for Basic ACLs?

Answer 13

2000 to 2999.

Question 14

What is the number range for Advanced ACLs?

Answer 14

3000 to 3999.

Question 15

What are the key differences between Basic and Advanced ACLs?

Answer 15

Basic ACLs filter based only on the source IPv4 address. Advanced ACLs can filter based on source and destination IPv4 addresses, protocol types, port numbers, etc.

Question 16

Give examples of ACL rule configuration commands.

Answer 16

• Create numbered standard ACL: R1(config)#access-list 1 deny/permit ip add wildcard mask
• Create numbered extended ACL: R1(config)#access-list 100 ip deny/permit ip add wildcard mask ip add wildcard mask

Question 17

How do you apply an ACL to an interface?

Answer 17

• Numbered ACL: R1(config)#interface g0/1 R1(config-if)#ip access-group 1 in
• Named ACL: R1(config)#interface g0/1 R1(config-if)#ip access-group MyACL out

Question 18

How do you verify ACL configurations?

Answer 18

Using commands like show access-lists, show run, and show ip access-lists.