Home > Access list Questions

Access list Questions

November 8th, 2018 Go to comments

Note: If you are not sure about Access list, please read our Access List Tutorial.

Question 1

Explanation

Below is the range of standard and extended access list:

Access list type Range
Standard 1-99, 1300-1999
Extended 100-199, 2000-2699

In most cases we only need to remember 1-99 is dedicated for standard access lists while 100 to 199 is dedicated for extended access lists.

Question 2

Explanation

The syntax of a named ACL is:

ip access-list {standard | extended} {name | number}

Therefore we can configure a standard acl with keyword “standard” and configure an extended acl with keyword “extended”. For example this is how to configure an named extended access-list:

Router(config)#ip access-list extended in_to_out permit tcp host 10.0.0.1 host 187.100.1.6 eq telnet

Question 3

Explanation

Below is the range of standard and extended access list

Access list type Range
Standard 1-99, 1300-1999
Extended 100-199, 2000-2699

Question 4

Explanation

We can use a dynamic access list to authenticate a remote user with a specific username and password. The authentication process is done by the router or a central access server such as a TACACS+ or RADIUS server. The configuration of dynamic ACL can be read here: http://www.cisco.com/en/US/tech/tk583/tk822/technologies_tech_note09186a0080094524.shtml

Question 5

Question 6

Explanation

You can check the named access-list with the “show ip access-list” (or “show access-list”) command:

R1#show ip access-list
Standard IP access list nat_traffic
    10 permit 10.1.0.0, wildcard bits 0.0.255.255
    15 permit 10.2.0.0, wildcard bits 0.0.255.255
    20 permit 10.3.0.0, wildcard bits 0.0.255.255

We can resequence a named access-list with the command: “ip access-list resequence access-list-name starting-sequence-number increment“. For example:

R1(config)#ip access-list nat_traffic 100 10

Then we can check this access-list again:

R1#show ip access-list
Standard IP access list nat_traffic
    100 permit 10.1.0.0, wildcard bits 0.0.255.255
    110 permit 10.2.0.0, wildcard bits 0.0.255.255
    120 permit 10.3.0.0, wildcard bits 0.0.255.255

We can see the starting sequence number is now 100 and the increment is 10. But notice that resequencing an access-list cannot change the order of entries inside it but it is the best choice in this question. Adding or removing a n entry does not change the order of entries. Maybe we should understand this question “how to renumber the entries in a named access-list”.

Question 7

Explanation

The range of standard ACL is 1-99, 1300-1999 so 50 and 1550 are two valid numbers.

Question 8

Question 9

Explanation

The range of standard ACL is 1-99, 1300-1999 so 50 is a valid number for standard ACL.

Question 10

Question 11

Question 12

Question 13

Comments (0) Comments
  1. No comments yet.
Add a Comment