access list question
| ne0-reloaded 2003-10-28, 6:53 pm |
| I'm studying for my CCNA and here's a question I came across which confuses me:
QUESTION NO: 28
As a network technician you are configuring access lists on an interface of a Cisco router.
You use multiple access lists.
Which of the following statements are valid? (Select one)
A. There is no limit to the number of access lists that can be applied to an interface, as long as they are
applied in order from most specific to most general.
B. Cisco IOS allows only one access list to be applied to an interface.
C. One access list may be configured per direction for each Layer 3 protocol configured on an interface.
D. Up to three access lists per protocol can be applied to a single interface.
E. No more than two access lists can be applied to a single interface.
F. The maximum number allowed varies depending on the amount of RAM installed in the router.
ANSWER: A
Isn't the answer C, only one ACL can be configured per interface, per direction, per protocol? I'm confused about it, plz help | |
| Yankee 2003-10-29, 4:39 am |
| The only way A can be correct is if they are referring to the number of lines in a single access-list, but C would have been my answer to that question.
Yankee | |
| ne0-reloaded 2003-10-29, 12:58 pm |
| I'm thinking it's just a regular mistake because in the question it says you're using multiple ACLs.
thanks for the help tho | |
| miami_dude 2003-10-29, 1:07 pm |
| I guess the answer for this one is (B).
C) Let's take this one ....
Suppose there are two Layer 3 protocols on serial 0/0, say IPX and IP
and the ACL on IPX is access-list 800
and on IP is ACL 101
You can't apply both the access lists on serial 0/0, though they are in the same direction.
So answer (c) is wrong. That's what I think. If I'm wrong, correct me!!! | |
| ne0-reloaded 2003-10-29, 2:40 pm |
| "You can't apply both the access lists on serial 0/0, though they are in the same direction.
So answer (c) is wrong. That's what I think. If I'm wrong, correct me!!!"
Answer C says u can only have one ACL per direction, same thing u stated.
B can't be the right answer because u can have more than one ACL per interface. U can have one inbound and one outbound on e0 for example, they just can't be the same protocol. | |
| Demijohn 2003-10-29, 4:38 pm |
| Stop it you guys...
One ACL per interface, per protocol, per direction. That would be answer C. | |
| ne0-reloaded 2003-10-29, 7:50 pm |
| quote: Originally posted by Demijohn
Stop it you guys...
One ACL per interface, per protocol, per direction. That would be answer C.
Stop what? We're having a discussion, stop tryin to be papa smurf. | |
| Demijohn 2003-10-30, 9:22 am |
| quote: stop tryin to be papa smurf.
Sorry
quote: So answer (c) is wrong. That's what I think. If I'm wrong, correct me!!!
You're wrong, Answer C is correct. | |
| ne0-reloaded 2003-10-30, 1:03 pm |
| I know this has nothin to do with ACLs, but is IP at layer 3 or layer 4 of the OSI? I thought it was 3 cause it's used in routing, but it is part of the TCP/IP protocol suite, so it might be 4. Someone plz confirm. Thanks | |
| miami_dude 2003-10-30, 3:09 pm |
| It's layer 3.
What exam ur taking...801 or 607??? | |
| thebonzodog 2003-10-30, 3:17 pm |
| TCP is layer 4, and reliable, connection orientated.
IP is layer 3 and connectionless. | |
| ne0-reloaded 2003-10-30, 3:40 pm |
| quote: Originally posted by miami_dude
What exam ur taking...801 or 607???
I'm taking the 640-801. By the time the fact that Cisco was changing from the 607 to the 801, the deadline had come and gone. I'm usin 640-607 material though.
I don't know if u know this or not, but don't think that the 640-607 Sybex will give u enough info for the test. There's so much more info in the 640-607 Cisco Press book, especially in the WAN sections. I'm going over the 607 Cisco Press PDF right now to supplement what's missing from the Sybex book.
Hopefully ima be takin it some next month | |
| ne0-reloaded 2003-10-30, 4:18 pm |
| Is this legal for an extended IP 101 ACL:
access-list 101 permit tcp any host 172.16.3.1 eq 80
access-list 101 permit tcp any host 172.16.4.1 eq 21
Will the 2nd line overwrite the first line, or will the 2nd line just be added to the ACL so that it only allows HTTP access via 172.16.3.1 interface and only allows FTP access through the 172.16.4.1 interface? | |
| Yankee 2003-10-31, 7:25 pm |
| If you had the one line of access-list 101 already applied in your config and later added that second line it would be appended to the bottom of the access-list. It is important to understand this because in many cases the order of the lines in an access-list is important (remembering that they are read by the router from the top down until the first match is found). Because of this, it is good practice to use notepad and first remove the access-list followed by reapplying the entire list in the order you want. This helps prevent any unwanted surprises.
Yankee |
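The append-and-first-match behaviour described in the last reply, as an added example that is not part of the original thread: a small Python model of top-down ACL evaluation using the two access-list 101 lines quoted above. The deny line and the 10.0.0.5 source address are constructed for illustration, and the model only handles `any`, `host`, address/wildcard pairs and a destination `eq` port.

```python
import ipaddress

def _addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'; return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    return (int(ipaddress.IPv4Address(tokens[0])),
            int(ipaddress.IPv4Address(tokens[1]))), tokens[2:]

def parse(line):
    """Parse: access-list N {permit|deny} PROTO SRC DST [eq PORT]."""
    t = line.split()
    action, proto, rest = t[2], t[3], t[4:]
    src, rest = _addr(rest)
    dst, rest = _addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def _hit(spec, ip):
    """Wildcard match: bits set in the wildcard mask are ignored."""
    base, wild = spec
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(acl_lines, proto, src_ip, dst_ip, dst_port):
    """Return (action, matching line number); lines are read top down, first match wins."""
    for n, line in enumerate(acl_lines, 1):
        action, p, src, dst, port = parse(line)
        if (p in ("ip", proto) and _hit(src, src_ip) and _hit(dst, dst_ip)
                and port in (None, dst_port)):
            return action, n
    return "deny", None  # implicit deny at the end of every ACL

DENY_NET = "access-list 101 deny tcp any 172.16.0.0 0.0.255.255"  # constructed line
PAGE_HTTP = "access-list 101 permit tcp any host 172.16.3.1 eq 80"
PAGE_FTP = "access-list 101 permit tcp any host 172.16.4.1 eq 21"

appended = [DENY_NET, PAGE_HTTP, PAGE_FTP]  # permits typed later land at the bottom
rebuilt = [PAGE_HTTP, PAGE_FTP, DENY_NET]   # list removed and re-entered in intended order

if __name__ == "__main__":
    for name, acl in (("appended", appended), ("rebuilt", rebuilt)):
        print(name, evaluate(acl, "tcp", "10.0.0.5", "172.16.3.1", 80))
```

In the appended ordering the broader deny matches first, so the later permit lines are never reached; re-entering the list in the intended order restores them.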