|
Home > Archive > CCNA > November 2000 > access list? simulateor?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
access list? simulateor?
|
|
|
| If the access-group command is configured on an interface and there is no access-list created which of the following is most correct?
a) An error message will appear.
b) The command will be executed and deny all traffic out.
c) The command will be executed and permit all traffic out.
d) The command will be executed and permit all traffic in and out.
e) The command will be executed and deny all traffic in and out.
I believe the correct answer is D because if you have no access-list setup all traffic is allowed...I'm not sure. Also, I remember reading about some router simulator on line what the url? | |
|
| This question is answered repeatedly in the "Questions for CCNA.... Need Answers" thread. Check it if you still have questions.
In earlier releases of IOS, if you applied a non-existent access-list to an
interface, the router interpreted this as an access list having only the implicit
deny any any rule and would therefore block all traffic.
Because this drove engineers insane (imagine making a typo and blocking all
access to a remote site), they changed is behavior back in the 10.x days.
Now a non-existent access list is interpreted as having a permit any any rule
and will allow all traffic. After you place your first entry in the router it
gathers the implicit deny any any rule and you typically knock yourself off the
router. Not that i've ever done that or anything.
The moral of the story is never to apply an access list to interface unless
you're completely done editing it.
MadChef
|
|
|
|
|