
ACL with established key word

Eric R. Jones
Level 4

I have been studying for CCNP Route 300-101 exam and have run across a perplexing question with an answer but not an explanation that is nagging me.

The question basically asks which ACL is correct in preventing a TCP connection.

There are three, 2 with the established keyword at the end.

The difference between the 2 is one is a standard ACL 49 and the other is an extended ACL 149.

Only extended ACLs are allowed to use the established keyword, correct?

ej

4 Replies

Hello Eric,

Yes, only extended access lists allow the 'established' keyword. The question seems to look for the best way to prevent spoofing, which is what 'established' was initially added for.

So your correct answer is the extended access list with the 'established' keyword.

Hello,

The reason is that "established" is for TCP establishment and three-way handshaking.

With a standard access list, you only specify source addresses, not TCP.

Masoud
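
An added illustration, not part of the replies above and not Cisco code: a small Python model of how an extended ACL entry with 'established' treats TCP segments. It assumes the IOS rule that the keyword matches when the ACK or RST bit is set; the ACL entry, the addresses (documentation ranges) and the names Segment, Ace and evaluate are constructed for the example.

```python
# Added illustration (not Cisco code): how `established` in an extended ACL
# entry is evaluated against TCP segments.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    proto: str          # "tcp", "udp", ...
    flags: frozenset    # TCP flag names, e.g. {"SYN", "ACK"}

@dataclass(frozen=True)
class Ace:
    action: str         # "permit" or "deny"
    proto: str          # "tcp", "udp" or "ip" (ip = any protocol)
    src: str            # source network, CIDR form
    dst: str            # destination network, CIDR form
    established: bool = False

    def matches(self, seg: Segment) -> bool:
        if self.proto != "ip" and self.proto != seg.proto:
            return False
        if ip_address(seg.src) not in ip_network(self.src):
            return False
        if ip_address(seg.dst) not in ip_network(self.dst):
            return False
        # `established` applies to TCP only: match when ACK or RST is set.
        if self.established:
            return seg.proto == "tcp" and bool(seg.flags & {"ACK", "RST"})
        return True

def evaluate(acl, seg):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for ace in acl:
        if ace.matches(seg):
            return ace.action
    return "deny"

# Constructed entry (the thread does not show the ACL), equivalent to:
#   access-list 149 permit tcp any 192.0.2.0 0.0.0.255 established
ACL_149 = [Ace("permit", "tcp", "0.0.0.0/0", "192.0.2.0/24", established=True)]

INSIDE, OUTSIDE = "192.0.2.10", "198.51.100.7"
SYN_IN = Segment(OUTSIDE, INSIDE, "tcp", frozenset({"SYN"}))            # new inbound connection
SYNACK_IN = Segment(OUTSIDE, INSIDE, "tcp", frozenset({"SYN", "ACK"}))  # reply to an inside client
RST_IN = Segment(OUTSIDE, INSIDE, "tcp", frozenset({"RST"}))            # reset of an existing flow
UDP_IN = Segment(OUTSIDE, INSIDE, "udp", frozenset())                   # not TCP, never matches
```

The match is made on the flag bits of each segment alone; the router keeps no connection state for this keyword, which is why a standard ACL, with only a source address to compare, has nothing for it to test.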

Thank you for the information.

I'm scheduling attempt number 2 for next week.

Seems no matter how much I study I feel like it's not enough.

ej

Eric,

good luck with the exam.

There is a free router simulator available for download, with real IOS images, for testing and lab setups; not sure if you have heard of it:

https://gns3.com/