Exam notes for CCNA™ Exam

Cisco Certified Network Associate (CCNA™)

G. Access-Lists

1. Access lists are primarily used for two purposes:

1. Controlling traffic through a router, and
2. Controlling access to a router's VTY ports

2. IP access lists are a sequential list of permit and deny conditions that apply to IP addresses or upper-layer protocols. Access Control Lists are used in routers to identify and control traffic.

There are two types of IP access lists:

A. Standard IP Access Lists: These have the format,
access-list [number] [permit or deny] [source_address]

Keep in mind that:

1. Place standard access lists as near the destination as possible and extended access lists as close to the source as possible.
2. Access lists have an implicit deny at the end of them automatically. Because of this, an access list should have at least one permit statement in it; otherwise the access list will block all remaining traffic.
3. Access lists applied to interfaces default to outbound if no direction is specified.

B. Extended IP Access Lists: IP extended access lists have the format,
access-list {number} {permit or deny} {protocol} {source} {destination} {port}
With extended IP access lists, we can act on any of the following:
- Source address
- Destination address
- IP protocol (TCP, ICMP, UDP, etc.)
- Port information (WWW, DNS, FTP, etc.)

The permitted numbers for some important access-lists are:
1-99: IP standard access list
100-199: IP extended access list
800-899: IPX standard access list
900-999: IPX extended access list
1000-1099: IPX SAP access list
1100-1199: Extended 48-bit MAC address access list

3. Wild card masking: 

Wild card masking is used to permit or deny a group of addresses. For example, if we have a source address and want all the hosts on the last octet to be considered, we use a wild card mask,

Special cases:

Host is same as with a wild card mask of, considers only specified IP.
Any is equivalent to saying with a wild card mask of This means none of the bits really matter. All IP addresses need to be considered for meeting the criteria.
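
An added example (not part of the original notes): a small Python model of how a standard IP access list is evaluated, covering wildcard-mask matching, the host and any keywords, top-down first-match ordering and the implicit deny. The list entries and addresses are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # wildcard 0-bits must match, 1-bits are ignored
    return (a & care) == (b & care)

def parse_standard(line):
    """Parse 'access-list <number> <permit|deny> <source> [wildcard]' (numbers 1-99)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("not a standard access-list line: " + line)
    number, action, src = int(tok[1]), tok[2], tok[3:]
    if not 1 <= number <= 99:
        raise ValueError("standard IP access lists use numbers 1-99")
    if src[0] == "any":                          # any    == 0.0.0.0 255.255.255.255
        base, wild = "0.0.0.0", "255.255.255.255"
    elif src[0] == "host" and len(src) > 1:      # host A == A 0.0.0.0
        base, wild = src[1], "0.0.0.0"
    else:                                        # a missing wildcard means 0.0.0.0
        base, wild = src[0], src[1] if len(src) > 1 else "0.0.0.0"
    return number, action, base, wild

def evaluate(acl_lines, number, source_ip):
    """Check entries top-down; the first match decides, otherwise implicit deny."""
    for line in acl_lines:
        n, action, base, wild = parse_standard(line)
        if n == number and wildcard_match(source_ip, base, wild):
            return action
    return "deny (implicit)"

# Constructed sample list; 192.0.2.0/24 and 198.51.100.7 are documentation addresses.
ACL = [
    "access-list 10 deny host 192.0.2.66",
    "access-list 10 permit 192.0.2.0 0.0.0.255",   # last octet ignored
]

if __name__ == "__main__":
    for ip in ("192.0.2.66", "192.0.2.10", "198.51.100.7"):
        print(ip, "->", evaluate(ACL, 10, ip))
```

Swapping the two entries in the sample list would permit 192.0.2.66, because the broader permit would match first and the host deny would never be reached.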


Disclaimer: CertExams.com is neither associated nor affiliated with Cisco® Systems or any other company. CCNA™ is a trademark of Cisco® Systems and is duly acknowledged. The practice test material is copyright of CertExams.com and is not approved or endorsed by the respective certifying bodies.
