Cisco® CCNA-ICND2 Exam Notes


1. IP access lists are a sequential list of permit and deny conditions that apply to IP addresses or upper-layer protocols. Access Control Lists are used in routers to identify and control traffic. There are two types of IP access lists:

A. Standard IP Access Lists: These have the format, access-list [number] [permit or deny] [source_address]

Keep in mind that: 

1. Place standard access lists as near the destination as possible and extended access lists as close to the source as possible. 

2. Access lists have an implicit deny at the end of them automatically. Because of this, an access list should have at least one permit statement in it; otherwise the access list will block all remaining traffic. 3. Access lists applied to interfaces default to outbound if no direction is specified.

B. Extended IP Access Lists: IP Extended Access lists have the format, access-list {number} {permit or deny} {protocol} {source} {destination} {port} With extended IP access lists, we can act on any of the following: -Source address - Destination address - IP protocol (TCP, ICMP, UDP, etc.) -Port information (WWW, DNS, FTP, etc.)
The permitted numbers for some important access-lists are: 1-99: IP standard access list 100-199 :IP extended access list 800-899 : IPX standard access list 900-999 : IPX extended access list 1000-1099 : IPX SAP access list 1100-1199 : Extended 48-bit MAC address access list

Previous  Up  Next

CertExams Blog! Facebook Page Twitter Page Certexams on YouTube

Cert-Ex™ Exam Simulators, Cert-Ex™ Network Simulator, Cert-Ex™ Cheatsheets are written independently by and not affiliated or authorized by respective certification providers. Cert-Ex™ is a trade mark of or entity representing