Home > Access list Questions

Access list Questions

November 8th, 2018 Go to comments

Note: If you are not sure about Access list, please read our Access List Tutorial.

Question 1

Explanation

Below is the range of standard and extended access list:

Access list type Range
Standard 1-99, 1300-1999
Extended 100-199, 2000-2699

In most cases we only need to remember 1-99 is dedicated for standard access lists while 100 to 199 is dedicated for extended access lists.

Question 2

Explanation

The syntax of a named ACL is:

ip access-list {standard | extended} {name | number}

Therefore we can configure a standard acl with keyword “standard” and configure an extended acl with keyword “extended”. For example this is how to configure an named extended access-list:

Router(config)#ip access-list extended in_to_out permit tcp host 10.0.0.1 host 187.100.1.6 eq telnet

Question 3

Explanation

Below is the range of standard and extended access list

Access list type Range
Standard 1-99, 1300-1999
Extended 100-199, 2000-2699

Question 4

Explanation

We can use a dynamic access list to authenticate a remote user with a specific username and password. The authentication process is done by the router or a central access server such as a TACACS+ or RADIUS server. The configuration of dynamic ACL can be read here: http://www.cisco.com/en/US/tech/tk583/tk822/technologies_tech_note09186a0080094524.shtml

Question 5

Question 6

Explanation

You can check the named access-list with the “show ip access-list” (or “show access-list”) command:

R1#show ip access-list
Standard IP access list nat_traffic
    10 permit 10.1.0.0, wildcard bits 0.0.255.255
    15 permit 10.2.0.0, wildcard bits 0.0.255.255
    20 permit 10.3.0.0, wildcard bits 0.0.255.255

We can resequence a named access-list with the command: “ip access-list resequence access-list-name starting-sequence-number increment“. For example:

R1(config)#ip access-list nat_traffic 100 10

Then we can check this access-list again:

R1#show ip access-list
Standard IP access list nat_traffic
    100 permit 10.1.0.0, wildcard bits 0.0.255.255
    110 permit 10.2.0.0, wildcard bits 0.0.255.255
    120 permit 10.3.0.0, wildcard bits 0.0.255.255

We can see the starting sequence number is now 100 and the increment is 10. But notice that resequencing an access-list cannot change the order of entries inside it but it is the best choice in this question. Adding or removing a n entry does not change the order of entries. Maybe we should understand this question “how to renumber the entries in a named access-list”.

Question 7

Explanation

The range of standard ACL is 1-99, 1300-1999 so 50 and 1550 are two valid numbers.

Question 8

Question 9

Explanation

The range of standard ACL is 1-99, 1300-1999 so 50 is a valid number for standard ACL.

Question 10

Question 11

Question 12

Question 13

Comments (14) Comments
Comment pages
1 2 2947
  1. Ronn
    July 19th, 2018

    I found these DUMPS for FREE, If you’d like to have it, here the link:

    *http*:*//q.gs/19626470/last-dump-ccna200-125-free

    (Just remove the *) Study hard guys (Not only from dumps), because being certified is tough. Good luck.

  2. NAN
    August 9th, 2018

    Share a useful link, the content inside is true and effective.
    h ttp://t.cn/RDf8 DJW

  3. Patrick
    September 11th, 2018

    Guys can some one help, what is the reason behind eq and equal in an ACL list. I under stand extended and standard plus ports but in the sim one statement is (equal www) and the next statement ends eq 80 ??? If equal what equals to I purposely reversed the command and it ((did’nt work)))
    Can someone throw some light, please.

  4. Patrick
    September 11th, 2018

    Also, what is the reason of permit ip (any any) or ip (any host)

  5. jowbits
    September 25th, 2018

    hi guys. can you help me on this one lab exam about ACL? i cannot complete practice lab because of my error in ACL 100. this is the question:

    5. Set access-list to prevent the connection
    from hosts in LAN as:
    – allow only Admin-Host to telnet to
    Ranet-CoreSW (password: ranetpass)
    – Not permit only User-Host1 to connect
    to any site in the internet.
    – Any traffic beside these should be allow.

    can you guys give me the correct ACL commands for this one?

    Thanks in advance

  6. Anonymous
    October 1st, 2018

    hello! im am taking the ccna exam next month , i need dumps. my email bakytjansambaev @ gmail. com

  7. ItsShowtime
    October 7th, 2018

    Regarding question 12 “When you are troubleshooting an ACL issue on a router, which command would you use to verify which interfaces are affected by the ACL?” every other sourceon the internet tells me it is the “how ip interface” command and also I am unable to find the “list ip interface” command… ?!

  8. shrestha
    October 9th, 2018

    @ jowbits

    ip access-list standard LINE_VTY
    permit host 192.168.10.2(Admin host)

    line vty 0 15
    password ranetpass
    login
    ip access-class LINE_VTY in

    For website block,

    access-list 101 deny host 192.168.10.50(User-Host1) host 200.64.255.254(web server) eq 80

    and apply to source router as possible

    Sometimes packet tracer wont work, you can close and reopen it.

  9. shrestha
    October 9th, 2018

    access-list 101 permit any any at the end

  10. q12
    November 4th, 2018

    it’s a crap question, you can only get that output by doing a sh run int and then looking at the acl to see what it’s doing.

    I doubt you’ll see this question on the exam, they would catch hell for putting it on there, it’s obviously a crap question

  11. Plypots
    December 20th, 2018

    Dynamic ACLs ARE NOT even covered in either of the Official Cisco CCNA Routing and Switching ICND1 OR ICND2 Cert guides. Is this question a mistake?

    Q
    uestion 4
    A network engineer wants to allow a temporary entry for a remote user with a specific username
    and password so that the user can access the entire network over the internet. Which ACL can be
    used?
    A. reflexive
    B. extended
    C. standard
    D. dynamic

  12. bbs
    December 26th, 2018

    Hi all, do you have latest CCNA dumps please sent to hbircanicat[at]gmail[dot]com

  13. Anonymous
    January 1st, 2019

    great

  14. bob12
    March 7th, 2019

    Can someone explain the answer to this question? How does sh ip int brief help in anyway with an ACL issue????

    “When you are troubleshooting an ACL issue on a router, which command would you use to verify
    which interfaces are affected by the ACL?”

Comment pages
1 2 2947
Add a Comment