Practice question for ACL list

Michael1975
Level 1

This is a practice question. I know that answer A is wrong,

but I do not see a difference between answers B - D.

Does anyone see the difference?

[Attached image: 1.jpg]

6 Replies

Answer is B,

since there is only one ACL IN and only one ACL OUT,
and the last ACL overrides all other ACLs. This ACL is 10, so the only traffic denied is 10.0.0.0/24.

Michael1975
Level 1

Wow. But, I don't get it.

All the answers say OUT, so where is IN coming into play?

Plus, why so many permit ANY? The first permit ANY would catch all traffic, thus meeting that rule, and the ACL will not process the request anymore.

I would think this has the exact same results. --- I am wrong, it's the way I am looking at it.

deny 10.0.0.0 0.0.0.255 - If this condition is met,

then anything after that would be permit, which would meet the condition of all other traffic.


1- This is a standard ACL, so it filters on source. The direction OUT means any traffic outbound from the interface with source 10.0.0.0/24 will be denied.
2- If traffic from 10.0.0.0/24 is denied by the first line, the ACL will not check the other lines (permit ANY).

This Q makes you learn two points:
1- how many ACLs apply to an interface IN and OUT (which is ONE in each direction)
2- if I apply multiple ACLs, which one will work: the last ACL configured under the interface

MHM
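Added example, not code from the thread or from Cisco: a small Python simulation of the two points above, standard-ACL first-match evaluation on the source address (with the implicit deny at the end), and the one-ACL-per-direction rule where each later ip access-group line replaces the earlier one. It also reports ACEs that can never match because an earlier line already covers them, which is the "why so many permit ANY" question. The config is constructed for illustration and is not the exam question's exact ACLs; the function names (parse_config, evaluate, outbound_decision, shadowed_aces) are chosen here.

```python
"""Simulate IOS standard ACL evaluation and 'ip access-group' replacement.

Constructed example for the thread; not the exam question's exact config.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample config: four numbered standard ACLs and four
# 'ip access-group ... out' lines on one interface, with ACL 10 last.
# Line 3 of ACL 10 is deliberately shadowed by the 'permit any' above it.
SAMPLE_CONFIG = """\
access-list 10 deny 10.0.0.0 0.0.0.255
access-list 10 permit any
access-list 10 permit 192.168.0.0 0.0.255.255
access-list 20 permit any
access-list 30 permit any
access-list 40 permit any
interface GigabitEthernet0/1
 ip access-group 20 out
 ip access-group 30 out
 ip access-group 40 out
 ip access-group 10 out
"""

ACE_RE = re.compile(r"^access-list (\d+) (permit|deny) (.+)$")
GROUP_RE = re.compile(r"^ip access-group (\S+) (in|out)$")

Ace = Tuple[str, ipaddress.IPv4Network]  # (action, source network)


def parse_source(spec: str) -> ipaddress.IPv4Network:
    """Turn 'any', 'host A.B.C.D', 'A.B.C.D' or 'A.B.C.D WILDCARD' into a network.
    A contiguous wildcard mask is assumed (the usual case)."""
    parts = spec.split()
    if parts == ["any"]:
        return ipaddress.ip_network("0.0.0.0/0")
    if parts[0] == "host":
        return ipaddress.ip_network(parts[1] + "/32")
    if len(parts) == 1:  # IOS treats a bare address in a standard ACL as a host
        return ipaddress.ip_network(parts[0] + "/32")
    addr, wildcard = parts[0], parts[1]
    mask = 0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard))  # wildcard -> netmask
    return ipaddress.ip_network(f"{addr}/{ipaddress.ip_address(mask)}", strict=False)


def parse_config(text: str):
    """Return (acls, applied): ACL number -> ACE list, and direction -> ACL number.
    A later 'ip access-group' for the same direction replaces the earlier one,
    which is why only one ACL is ever in effect per direction."""
    acls: Dict[str, List[Ace]] = {}
    applied: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ACE_RE.match(line)
        if m:
            num, action, src = m.groups()
            acls.setdefault(num, []).append((action, parse_source(src)))
            continue
        m = GROUP_RE.match(line)
        if m:
            num, direction = m.groups()
            applied[direction] = num  # last assignment wins
    return acls, applied


def evaluate(aces: List[Ace], src_ip: str) -> Tuple[str, int]:
    """First-match evaluation: return (action, 1-based ACE index).
    Index 0 means nothing matched and the implicit deny applied."""
    ip = ipaddress.ip_address(src_ip)
    for idx, (action, net) in enumerate(aces, start=1):
        if ip in net:
            return action, idx
    return "deny", 0


def outbound_decision(config_text: str, src_ip: str):
    """Decide the fate of a packet leaving the interface: (action, ACL number, index)."""
    acls, applied = parse_config(config_text)
    num = applied.get("out")
    if num is None:
        return "permit", None, 0  # no ACL bound in that direction: everything passes
    action, idx = evaluate(acls[num], src_ip)
    return action, num, idx


def shadowed_aces(aces: List[Ace]) -> List[int]:
    """1-based indexes of ACEs that can never match because an earlier ACE
    already covers their whole source range (e.g. anything after 'permit any')."""
    return [i + 1 for i, (_, net) in enumerate(aces)
            if any(net.subnet_of(prev) for _, prev in aces[:i])]


if __name__ == "__main__":
    acls, applied = parse_config(SAMPLE_CONFIG)
    print("effective ACL per direction:", applied)
    for src in ("10.0.0.5", "192.168.1.1"):
        print(src, "->", outbound_decision(SAMPLE_CONFIG, src))
    print("shadowed lines in ACL 10:", shadowed_aces(acls["10"]))
```

Running it shows that only ACL 10 is in effect outbound, that 10.0.0.5 is denied by line 1 and everything else is permitted by line 2, and that line 3 of ACL 10 is unreachable. The `ip access-group` replacement is modelled as a plain dictionary overwrite, which is exactly the behaviour the thread describes.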

Michael1975
Level 1

So, I was right: only the first 2 lines will be processed. The rest of the ACL is pointless.

I assumed this was a valid ACL that could be used, but I guess because it is a test question they tried to confuse an inexperienced person by posting an ACL that was not written properly. Well, it worked.

What prompted them to bring up INBOUND? You and someone else brought up INBOUND, and nothing in this question talks about having more than one INBOUND or OUTBOUND; in fact INBOUND is not mentioned in the question.


But, I just don't understand why only one ACL is applied. One in and one out. <<- This is by Cisco: one ACL IN/OUT, and you can add multiple lines to this one ACL.

In this question, the INBOUND does not even come into play. It has nothing to do with this question. <<- The Q not mentioning an IN ACL does not mean you cannot config it; you can config it, but as I mentioned, the goal of this Q is the two points I mentioned above.

MHM

 

Possibly, you're overlooking a crucial difference: the difference between numbered ACLs and named ACLs. The former uses the same number to define the ACL; the latter often uses numbers for ACEs, but the ACL is represented by a name.

In your posted example, four different numbered ACLs have been defined.

As already mentioned in other replies, the interface ACL assignment statement (defining what that particular ACL should be used as) is done four times, and in use each assignment replaces any earlier assignment, so only the last is the effective interface ACL.

The foregoing is much like:

interface x
ip address 192.168.10.1 255.255.255.0
ip address 192.168.20.1 255.255.255.0
ip address 192.168.30.1 255.255.255.0
ip address 192.168.40.1 255.255.255.0

What would be the interface's IP?

BTW, initially @MHM Cisco World mentioned there can only be one IN and OUT ACL.  Well, that might be true, currently, but I recall(???), once upon a time, you could have other than IP protocol ACLs, concurrently, on an interface.  Vaguely also recall the number 6, but if correct, don't recall was that up to 6 INs and/or OUTs or 3 INs and/or OUTs.

The various number ranges would identify the different protocols:

Table 1 - ACL Number Ranges

Protocol                                   | Range
-------------------------------------------|----------------------
Standard IP                                | 1–99 and 1300–1999
Extended IP                                | 100–199 and 2000–2699
Ethernet type code                         | 200–299
Ethernet address                           | 700–799
Transparent bridging (protocol type)       | 200–299
Transparent bridging (vendor code)         | 700–799
Extended transparent bridging              | 1100–1199
DECnet and extended DECnet                 | 300–399
Xerox Network Systems (XNS)                | 400–499
Extended XNS                               | 500–599
AppleTalk                                  | 600–699
Source-route bridging (protocol type)      | 200–299
Source-route bridging (vendor code)        | 700–799
Internetwork Packet Exchange (IPX)         | 800–899
Extended IPX                               | 900–999
IPX Service Advertising Protocol (SAP)     | 1000–1099
Standard Virtual Integrated Network Service (VINES) | 1–100
Extended VINES                             | 101–200
Simple VINES                               | 201–300
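Added example using Table 1 above; it is not code from the thread or from Cisco. It classifies a numbered ACL by returning every protocol family whose listed range contains the number, which makes the overlap in the table visible (the VINES ranges overlap the IP ranges, so the number alone does not settle the family), then runs a small lint over constructed config lines: an ACE under a standard-range number should carry only a source, an ACE under an extended-range number should start with a protocol, and a named ACL takes its type from the standard/extended keyword rather than from a number, which is the numbered-versus-named distinction made in the reply above. PROTOCOL_KEYWORDS is a partial list assumed here, and the function names are chosen here.

```python
"""Classify IOS numbered ACLs by Table 1 ranges and lint ACE shapes.

Added example; ranges transcribed from the table in the thread.
"""
import re
from typing import Dict, List, Tuple

# (family, low, high), inclusive, in the order Table 1 lists them.
ACL_RANGES: List[Tuple[str, int, int]] = [
    ("Standard IP", 1, 99), ("Standard IP", 1300, 1999),
    ("Extended IP", 100, 199), ("Extended IP", 2000, 2699),
    ("Ethernet type code", 200, 299), ("Ethernet address", 700, 799),
    ("Transparent bridging (protocol type)", 200, 299),
    ("Transparent bridging (vendor code)", 700, 799),
    ("Extended transparent bridging", 1100, 1199),
    ("DECnet and extended DECnet", 300, 399),
    ("Xerox Network Systems (XNS)", 400, 499), ("Extended XNS", 500, 599),
    ("AppleTalk", 600, 699),
    ("Source-route bridging (protocol type)", 200, 299),
    ("Source-route bridging (vendor code)", 700, 799),
    ("Internetwork Packet Exchange (IPX)", 800, 899), ("Extended IPX", 900, 999),
    ("IPX Service Advertising Protocol (SAP)", 1000, 1099),
    ("Standard VINES", 1, 100), ("Extended VINES", 101, 200),
    ("Simple VINES", 201, 300),
]

# Partial list of IOS extended-ACL protocol keywords (assumed here).
PROTOCOL_KEYWORDS = {"ip", "tcp", "udp", "icmp", "gre", "esp", "ahp",
                     "eigrp", "ospf", "igmp", "pim"}

ACE_RE = re.compile(r"^access-list (\d+) (permit|deny) (\S+)(?: (.*))?$")
NAMED_RE = re.compile(r"^ip access-list (standard|extended) (\S+)$")

# Constructed sample; line 5 deliberately puts an extended-style entry
# under a standard-range number.
SAMPLE_CONFIG = """\
access-list 10 deny 10.0.0.0 0.0.0.255
access-list 10 permit any
access-list 110 permit tcp any host 192.0.2.10 eq 443
access-list 110 deny ip any any
access-list 20 permit ip any any
ip access-list extended WEB
 permit tcp any host 192.0.2.10 eq 80
"""


def families_for(number: int) -> List[str]:
    """Every family whose Table 1 range contains the number.
    More than one result means the number by itself is ambiguous."""
    return [name for name, lo, hi in ACL_RANGES if lo <= number <= hi]


def ip_acl_type(number: int):
    """'standard', 'extended', or None when the number is not an IP ACL number."""
    fams = families_for(number)
    if "Standard IP" in fams:
        return "standard"
    if "Extended IP" in fams:
        return "extended"
    return None


def inventory(text: str) -> Dict[str, str]:
    """Map each ACL seen in the config to how it is identified and typed."""
    seen: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = NAMED_RE.match(line)
        if m:
            seen[m.group(2)] = f"named {m.group(1)}"   # type comes from the keyword
            continue
        m = ACE_RE.match(line)
        if m:
            kind = ip_acl_type(int(m.group(1))) or "non-IP"
            seen[m.group(1)] = f"numbered {kind}"      # type comes from the number
    return seen


def lint_config(text: str) -> List[Tuple[int, str]]:
    """(line number, message) for ACEs whose shape does not fit their number."""
    findings: List[Tuple[int, str]] = []
    for n, raw in enumerate(text.splitlines(), start=1):
        m = ACE_RE.match(raw.strip())
        if not m:
            continue
        number, first = int(m.group(1)), m.group(3).lower()
        looks_extended = first in PROTOCOL_KEYWORDS or first.isdigit()
        acl_type = ip_acl_type(number)
        if acl_type is None:
            findings.append((n, f"{number} is not an IP ACL number; candidates: {families_for(number)}"))
        elif acl_type == "standard" and looks_extended:
            findings.append((n, f"ACL {number} is in a standard range but the entry starts with protocol '{first}'"))
        elif acl_type == "extended" and not looks_extended:
            findings.append((n, f"ACL {number} is in an extended range but the entry has no protocol field"))
    return findings


if __name__ == "__main__":
    print(inventory(SAMPLE_CONFIG))
    for line_no, msg in lint_config(SAMPLE_CONFIG):
        print(f"line {line_no}: {msg}")
    print("number 100 could be:", families_for(100))
```

On the sample this lists ACLs 10 and 20 as numbered standard, 110 as numbered extended and WEB as named extended, flags line 5, and shows that 100 falls in both the Extended IP and Standard VINES rows of the table.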
