Access list Questions
Note: If you are not sure about access lists, please read our Access List Tutorial.
Question 1
Explanation
Below is the range of standard and extended access list:
Access list type | Range |
Standard | 1-99, 1300-1999 |
Extended | 100-199, 2000-2699 |
In most cases we only need to remember that 1-99 is reserved for standard access lists while 100-199 is reserved for extended access lists.
Question 2
Explanation
The syntax of a named ACL is:
ip access-list {standard | extended} {name | number}
Therefore we can configure a standard ACL with the keyword “standard” and an extended ACL with the keyword “extended”. For example, this is how to configure a named extended access-list:
Router(config)#ip access-list extended in_to_out
Router(config-ext-nacl)#permit tcp host 10.0.0.1 host 187.100.1.6 eq telnet
Question 3
Explanation
Below is the range of standard and extended access list:
Access list type | Range |
Standard | 1-99, 1300-1999 |
Extended | 100-199, 2000-2699 |
Question 4
Explanation
We can use a dynamic access list to authenticate a remote user with a specific username and password. The authentication process is done by the router or a central access server such as a TACACS+ or RADIUS server. The configuration of dynamic ACL can be read here: http://www.cisco.com/en/US/tech/tk583/tk822/technologies_tech_note09186a0080094524.shtml
Question 5
Question 6
Explanation
You can check the named access-list with the “show ip access-list” (or “show access-list”) command:
R1#show ip access-list
Standard IP access list nat_traffic
    10 permit 10.1.0.0, wildcard bits 0.0.255.255
    15 permit 10.2.0.0, wildcard bits 0.0.255.255
    20 permit 10.3.0.0, wildcard bits 0.0.255.255
We can resequence a named access-list with the command: “ip access-list resequence access-list-name starting-sequence-number increment”. For example:
R1(config)#ip access-list resequence nat_traffic 100 10
Then we can check this access-list again:
R1#show ip access-list
Standard IP access list nat_traffic
    100 permit 10.1.0.0, wildcard bits 0.0.255.255
    110 permit 10.2.0.0, wildcard bits 0.0.255.255
    120 permit 10.3.0.0, wildcard bits 0.0.255.255
We can see the starting sequence number is now 100 and the increment is 10. Notice that resequencing an access-list cannot change the order of the entries inside it, but it is still the best choice in this question. Adding or removing an entry does not change the order of entries either. Maybe we should read this question as “how to renumber the entries in a named access-list”.
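The renumbering described in Question 6 can be modelled offline to preview an ACL before the change is applied. This is an added example, not part of the original page: the function names are hypothetical, the sample text is the "show ip access-list" output from the explanation, and the model assumes entries keep the order in which the router lists them.

```python
import re

# Constructed sample: the "show ip access-list" output from the explanation.
SHOW_OUTPUT = """\
Standard IP access list nat_traffic
    10 permit 10.1.0.0, wildcard bits 0.0.255.255
    15 permit 10.2.0.0, wildcard bits 0.0.255.255
    20 permit 10.3.0.0, wildcard bits 0.0.255.255
"""

HEADER_RE = re.compile(r"^(Standard|Extended) IP access list (\S+)$")
ENTRY_RE = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")


def parse_acl(text):
    """Return (kind, name, [(seq, rule), ...]) for one ACL in show output."""
    kind = name = None
    entries = []
    for line in text.splitlines():
        header = HEADER_RE.match(line.strip())
        if header:
            kind, name = header.group(1).lower(), header.group(2)
        elif name is not None and ENTRY_RE.match(line):
            seq, rule = ENTRY_RE.match(line).groups()
            entries.append((int(seq), rule))
    if name is None:
        raise ValueError("no access list header found")
    return kind, name, entries


def resequence(entries, start, increment):
    """Assign new sequence numbers; the listed order of rules is untouched."""
    if start < 1 or increment < 1:
        raise ValueError("start and increment must be positive")
    return [(start + i * increment, rule)
            for i, (_, rule) in enumerate(entries)]


def resequence_command(name, start, increment):
    # Global-config command in the syntax quoted in the explanation.
    return f"ip access-list resequence {name} {start} {increment}"


if __name__ == "__main__":
    kind, name, before = parse_acl(SHOW_OUTPUT)
    print(resequence_command(name, 100, 10))
    for seq, rule in resequence(before, 100, 10):
        print(f"    {seq} {rule}")
```

Running it prints the command followed by the three entries renumbered 100, 110 and 120, in the same order as before.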
Question 7
Explanation
The range of standard ACL is 1-99, 1300-1999 so 50 and 1550 are two valid numbers.
Question 8
Question 9
Explanation
The range of standard ACL is 1-99, 1300-1999 so 50 is a valid number for standard ACL.
Question 10
Question 11
Question 12
Question 13