ACL Interview Questions and Answers - Networker Interview

Uploaded by

radha
4/16/24, 7:03 PM ACL Interview Questions and Answers | Networker Interview

What is ACL?

An Access Control List (ACL) is a packet filtering method that filters IP packets based on source and destination
address. It is a set of rules and conditions that permit or deny IP packets to exercise control over network traffic.

What are the different types of ACL?

There are two main types of access lists:
1. Standard Access List.
2. Extended Access List.

Explain Standard Access List?


A standard access list examines only the source IP address in an IP packet to permit or deny that packet. It cannot
match other fields in the IP packet. A standard access list can be created using the access-list numbers 1-99 or
the expanded range 1300-1999. A standard access list must be applied close to the destination. Because we are
filtering based only on source address, if we put the standard access list close to the source host or network,
nothing would be forwarded from the source.

Example-
R1(config)# access-list 10 deny host 192.168.1.1
R1(config)# int fa0/0
R1(config-if)# ip access-group 10 in

Explain Extended Access List?

An extended access list filters network traffic based on the source IP address, the destination IP address, the
protocol field at the network layer, and the port number field at the transport layer. Extended access lists range
from 100 to 199, and 2000-2699 in the expanded range. An extended access list should be placed as close to the
source as possible. Since an extended access list filters traffic based on specific addresses (source IP,
destination IP) and protocols, we don't want traffic to traverse the entire network just to be denied, wasting
bandwidth.

Example-
R1(config)# access-list 110 deny tcp any host 192.168.1.1 eq 23
R1(config)# int fa0/0
R1(config-if)# ip access-group 110 in

Explain Named ACL and its advantages over Number ACL?


Named ACL is just another way of creating standard and extended ACLs. In a named ACL, names are given to
identify the access list.
It has the following advantage over a numbered ACL: in a named ACL we can give sequence numbers, which means we
can insert a new statement in the middle of the ACL.

Example-
R1(config)# ip access-list extended CCNA
R1(config-ext-nacl)# 15 permit tcp host 10.1.1.1 host 20.1.1.1 eq 23
R1(config-ext-nacl)# exit

This will insert the above statement at line 15.

R1(config)# int fa0/0
R1(config-if)# ip access-group CCNA in

What is Wildcard Mask?


The wildcard mask is used with an ACL to specify an individual host, a network, or a range of networks.
Wherever a zero is present, it indicates that the octet in the address must match the corresponding reference
exactly. Wherever a 255 is present, it indicates that the octet need not be evaluated.
The wildcard mask is the exact opposite of the subnet mask.

Example- For /24


Subnet Mask - 255.255.255.0
Wildcard Mask - 0.0.0.255

How to permit or deny specific Host in ACL?


1. Using a wildcard mask "0.0.0.0"
Example- 192.168.1.1 0.0.0.0
or
2. Using the keyword "host"
Example- host 192.168.1.1

In which directions can we apply an access list?


We can apply an access list in two directions:-
IN - ip access-group 10 in
OUT - ip access-group 10 out

Difference between inbound access-list and outbound access-list?


When an access list is applied to inbound packets on an interface, those packets are first processed through the ACL
and then routed. Any packets that are denied won't be routed. When an access list is applied to outbound
packets on an interface, those packets are first routed to the outbound interface and then processed through the ACL.

Difference between #sh access-list command and #sh run access-list command?
#sh access-list shows the number of hit counts.
#sh run access-list does not show the number of hit counts.

How many access lists can be applied to an interface on a Cisco router?


We can assign only one access list per interface per protocol per direction, which means that when creating IP
access lists, we can have only one inbound access list and one outbound access list per interface. Multiple access
lists are permitted per interface, but they must be for different protocols.

How are access lists processed?


Access lists are processed in sequential, logical order, evaluating packets from the top down, one statement at a
time. As soon as a match is made, the permit or deny option is applied, and the packet is not evaluated against
any more access list statements. Because of this, the order of the statements within any access list is significant.
There is an implicit “deny” at the end of each access list which means that if a packet doesn’t match the condition
on any of the lines in the access list, the packet will be discarded.

What is at the end of each Access List?


At the end of each access list, there is an implicit deny statement denying any packet for which the match has not
been found in the access list.
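
The wildcard matching, top-down processing and implicit deny described above, as an added Python example (not from the original page and not Cisco's implementation). The function names and sample lists are constructed for illustration and model standard-ACL statements (source address only); the match is done bit by bit, so it also covers wildcard masks other than 0 and 255 per octet, such as 0.0.0.63.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_from_mask(subnet_mask):
    """Invert a subnet mask: 255.255.255.0 -> 0.0.0.255."""
    return str(ipaddress.IPv4Address(to_int(subnet_mask) ^ 0xFFFFFFFF))

def matches(addr, ref, wildcard):
    """True when addr equals ref in every bit whose wildcard bit is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return ((to_int(addr) ^ to_int(ref)) & care) == 0

def parse_source(tokens):
    """Map 'host A', 'any' or 'A W' to a (reference, wildcard) pair."""
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0"
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255"
    return tokens[0], tokens[1]

def evaluate(acl_lines, src):
    """Top-down, first match wins; no match falls through to the implicit deny."""
    for line in acl_lines:
        action, *source = line.split()
        ref, wildcard = parse_source(source)
        if matches(src, ref, wildcard):
            return action, line
    return "deny", "implicit deny"

# Constructed sample lists in standard-ACL form (source address only).
SAMPLES = {
    "deny only": ["deny host 192.168.1.1"],
    "deny then permit": ["deny host 192.168.1.1", "permit any"],
    "permit first": ["permit any", "deny host 192.168.1.1"],
    "one subnet": ["permit 192.168.1.0 " + wildcard_from_mask("255.255.255.0")],
}

if __name__ == "__main__":
    for name, acl in SAMPLES.items():
        for src in ("192.168.1.1", "192.168.1.50", "10.0.0.5"):
            action, why = evaluate(acl, src)
            print(f"{name:17} {src:13} -> {action:6} ({why})")
```

The "deny only" list drops every source through the implicit deny, and in "permit first" the deny line is never reached because the earlier `permit any` matches first.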

Key Information

Any access list applied to an interface without an access list being created will not filter traffic.
Access lists only filter traffic that is going through the router. They will not filter traffic that has
originated from the router.
If we remove one line from an access list, the entire access list will be removed.
Every access list should have at least one permit statement or it will deny all traffic.


Comments

1. Thejovathi
Thank you so much for your great information about ACL

2. ISO 9001 Certification in bangalore
Hi,
very useful information about ACL interview questions and answers; this information is enough to attend the interview. Thank you
for sharing useful information with us, keep going.

3. words Doctorate
Thanks for sharing amazing information!
Please keep up sharing.

4. a
The website is looking a bit flashy and it catches the visitors' eyes. A design is pretty simple.
Webdesign Deutschland

5. kumara G
It's very useful for freshers... Great work

6. Fuzzy International
The best thing is that your blog is really informative. Thanks for your great information!

7. alinaamel
Thanks for the useful post. Keep posting more like this.
Webdesign Lüdenscheid

8. Neelkant Rao
Excellent. For freshers it is very good, and they understand very easily. Can I get the PDF of this on my e-mail?


Copyright © Networker Interview. All rights reserved.

networkerinterview.net/entries/acl/acl-access-control-list- 4/4
