
Name _______________________________________________________ Date ________________

CCNA Discovery 3 Chapter 8 Reading Organizer

After completion of this chapter, you should be able to:

Describe traffic filtering and explain how Access Control Lists (ACLs) can filter traffic at router interfaces. Analyze the use of wildcard masks. Configure and implement ACLs. Create and apply ACLs to control specific types of traffic. Log ACL activity and integrate ACL best practices.

1. What is Traffic Filtering?

2. Packet filtering can be simple or complex, denying or permitting traffic based on what network elements?

3. How does traffic filtering improve network performance?

4. What devices are most commonly used to provide traffic filtering?

5. The primary use of Access Control Lists is to identify the _____________________ to __________ or ______.

6. ACLs identify traffic for multiple uses such as:

CCNA Discovery 3 Bill Link, CCNA, CCAI Introducing Routing and Switching in the Enterprise Cisco Academy Instructor Chapter 8 Filtering Traffic Using Access Control Lists Cape Girardeau Career and Technology Center

7. What are some potential problems that can result from using ACLs?

8. There are three types of ACLs:

a. The ________ ACL is the simplest of the three types. When creating a _________ IP ACL, the ACLs filter based on the _______ IP address of a packet. __________ ACLs permit or deny based on the ______________, such as ___. So, if a host device is denied by a _________ ACL, all services from that host are denied. This type of ACL is useful for allowing all services from a specific user, or LAN, access through a router while denying other IP addresses access. ________ ACLs are identified by the number assigned to them. For access lists permitting or denying IP traffic, the identification number can range from ___ to ____ and from _____ to _______.

b. _________ ACLs filter not only on the source IP address but also on the ____________ IP address, _________, and _____ numbers. ___________ ACLs are used more than Standard ACLs because they are more specific and provide greater control. The range of numbers for _____________ ACLs is from ______ to ______ and from ______ to _______.

c. ________ ACLs (NACLs) are either Standard or Extended format that are referenced by a descriptive ________ rather than a number. When configuring __________ ACLs, the router IOS uses a ______ subcommand mode.

9.

10. What is always at the end of an ACL? What is the result of an ACL that does not have at least one “permit” statement? Explain:

11. After an ACL is created, what else must be done for it to become effective?

12. Explain how an ACL can be applied in either an inbound or outbound direction:

13. When a packet arrives at an interface, what parameters does a router check?

14.

15.

16. When creating an ACL, what two special parameters can be used in place of a wildcard mask?

17. To filter a single, specific host, use either the wildcard mask _______________ after the IP address or the __________________________ prior to the IP address.

18. To filter all hosts, use the all 1s parameter by configuring a wildcard mask of _________________________. Another way to filter all hosts is to use the ___________ parameter.

19. Explain the purpose and practice of using a “permit any” statement as the last statement in an ACL:

20.

21. List the steps involved in planning the creation and placement of access control lists:

22. It is important to place standard ACLs as close to the _____________________ as possible. Explain:

23. Explain when to use an extended ACL:

24. Place an Extended ACL close to the _______________ address. Explain why:

25. Place ACLs on routers in either the _____________ or ________________________ Layer. Why?

26. Why is the inbound access control list more efficient for the router than an outbound access list?

27. List ACL processing and creation guidelines:

28. What are the two steps to configuring an access control list?

29. Why should you plan the ACL so that the more specific requirements appear before more general ones?

30. List and EXPLAIN ACL commands that evaluate the proper syntax, order of statements, and placement on interfaces:

31. Explain why it is often recommended to create ACLs in a text editor:

Lab 8.3.3: Configuring and Verifying Standard ACLs

32. What are some ways to minimize statements and reduce the processing load of the router?

Lab 8.3.4: Planning, Configuring and Verifying Extended ACLs

Packet Tracer 8.3.5: Configuring and Verifying Standard Named ACLs

Lab 8.3.5: Configuring and Verifying Extended Named ACLs

33. What is the reason for applying an ACL to a router’s vty (telnet or ssh) ports?

34. What different command is used when applying the ACL to a VTY line instead of using the ip access-group command?

35. What guidelines should be followed when configuring access lists on VTY lines?

Lab 8.3.6: Configuring and Verifying VTY Restrictions

Packet Tracer 8.3.6: Planning, Configuring and Verifying Standard, Extended and Named ACLs

36. Extended ACLs filter on ______ and _____________ IP addresses. It is often desirable to filter on even more specific packet details. OSI Layer 3 ________________________, Layer 4 _____________________ and _______________________________________ provide this capability.

37. Some of the protocols available to use for filtering include:

38. If neither the port number nor the name is known for an application, what are some steps for locating that information?

39. Explain how ACLs deal with applications that have multiple port numbers, such as FTP or email traffic:

Packet Tracer 8.4.1: Configuring and Verifying Extended ACLs to Filter on Port Numbers

40. Explain the purpose of the ACL statement: access-list 101 permit tcp any any established

41. Define Stateful Packet Inspection:

42. Explain the purpose of the keywords echo-reply and unreachable in an ACL:

43.

44. How may implementing NAT and PAT create a problem when planning ACLs?

Lab 8.4.3: Configuring an ACL with NAT

45. Administrators need to examine the ACL, one line at a time, and answer the following questions:

46. When evaluating an Extended ACL, it is important to remember these key points:

47.

48. When routing between VLANs in a network, it is sometimes necessary to control traffic from one VLAN to another using ACLs. What are the differences in the rules and guidelines for creation and application of ACLs on VLANs and on router subinterfaces as opposed to physical interfaces?

Lab 8.4.5: Configuring and Verifying ACLs to filter Inter-VLAN Traffic

Packet Tracer 8.4.5: Configuring and Verifying Extended ACLs with a DMZ

49. How does the information gained from the show access-list command differ from adding the log parameter to the end of an individual ACL statement?

50. Why should you use logging for a short time only to complete testing of the ACL?

51. ACL logging generates an informational message that contains:

52. To turn off logging, use:

53. To turn off all debugging, use:

54. To turn off specific debugging, such as ip packet, use:

Lab 8.5.1: Configuring ACLs and Verifying with Console Logging

55. Why should you configure a router to send logging, or syslog messages, to an external server?
