| Term / prompt | Definition / answer |
|---|---|
| access control list | List kept by Cisco routers to control access to or from the router for a number of services (for example, to prevent packets with a certain IP address from leaving a particular interface on the router). |
| Dial-on-demand routing (DDR) | Technique whereby a Cisco router can automatically initiate and close a circuit-switched session as transmitting stations demand. |
| Domain Name System (DNS) | System used in the Internet for translating names of network nodes into addresses. |
| firewall | Router or access server, or several routers or access servers, designated as a buffer between any connected public networks and a private network. |
| Internet Protocol (IP) | Network layer protocol in the TCP/IP stack offering a connectionless internetwork service. IP provides features for addressing, type-of-service specification, fragmentation and reassembly, and security. |
| packet | Logical grouping of information that includes a header containing control information and (usually) user data; the term most often refers to network layer units of data. |
| queue | An ordered list of elements waiting to be processed. |
| Transmission Control Protocol (TCP) | Connection-oriented transport layer protocol that provides reliable full-duplex data transmission. |
| Transmission Control Protocol/Internet Protocol (TCP/IP) | Common name for the suite of protocols developed by the U.S. DoD in the 1970s to support the construction of worldwide internetworks. |
| User Datagram Protocol (UDP) | A simple protocol that exchanges datagrams without acknowledgments or guaranteed delivery, requiring that error processing and retransmission be handled by other protocols. |
| wildcard mask | 32-bit quantity used in conjunction with an IP address to determine which bits in an IP address should be ignored when comparing that address with another IP address. |
| Wildcard mask bit 0 | Check: the corresponding address bit must match. |
| Wildcard mask bit 1 | Ignore: the corresponding address bit is not compared. |
| Acceptance and denial can be based on certain specifications, such as | source address, destination address, and port number. |
| ACLs can be configured at the router to control | access to a network or subnet |
| ACLs filter network traffic by controlling whether routed packets are | forwarded or blocked at the router's interfaces. |
| ACLs must be defined on a | per-protocol basis. |
| ACL statements operate in | sequential, top-down order; the first matching statement decides the packet's fate. |
| If a condition match is true, the packet is permitted or denied and the rest of the ACL statements are | not checked. |
| If all the ACL statements are unmatched, an | implicit "deny any" statement is imposed, so an ACL with no permit statement blocks all traffic in the direction it is applied. |
| You create ACLs by using the | global configuration mode. |
| standard ACL statements | Specifying an ACL number from 1 to 99 (newer IOS releases also accept the expanded range 1300 to 1999). |
| extended ACL statements | Specifying an ACL number from 100 to 199 (newer IOS releases also accept the expanded range 2000 to 2699). |
| The first step is to create an ACL definition, and the second step is to | apply the ACL to an interface |
| Outbound ACLs | Generally more efficient, according to the older Cisco ICND material this set follows. Current Cisco guidance favors inbound ACLs for filtering, because a packet denied inbound is dropped before the routing lookup. |
| no access-list {list-number} | Deletes all the statements in the numbered ACL. Caution: the ip access-group reference on the interface is not removed, and IOS passes all traffic on an interface whose applied ACL does not exist, so the interface is unfiltered until the list is re-created. |
| ACLs use wildcard masking to | identify a single address or a range of addresses for permit or deny tests. |
| 0.0.0.0 255.255.255.255 | Address and wildcard pair equivalent to the keyword any (every bit ignored). |
| Router(config)# access-list 1 permit 172.30.16.29 0.0.0.0 | Equivalent to Router(config)# access-list 1 permit host 172.30.16.29 (the host keyword stands for a 0.0.0.0 wildcard). |
| standard ACLs | Generally permits or denies entire protocol suite |
| Extended ACLs | Generally permits or denies specific protocols |
| show access-lists | EXEC command to display the contents of all ACLs |
| show access-list 1 | EXEC command to display the contents of ACL 1 |
| ip access-group | Applies (links) an existing ACL to an interface; entered in interface configuration mode. |
| ONLY one ACL per port | per protocol per direction is allowed (for example, one inbound and one outbound IPv4 ACL on the same interface). |
| ip access-group 1 out | Applies ACL 1 to the interface in the outbound direction (use in for the inbound direction). |
| Standard ACLs filter traffic based on | a source address and wildcard mask only. |
| Extended ACL statements check for | source address, destination address, protocol, and (optionally) port numbers. |
| access-list 101 deny tcp 172.16.4.0 0.0.0.255 any eq 23 | Denies Telnet (TCP destination port 23) from 172.16.4.0/24 to any destination. Because of the implicit deny, a permit statement (for example, access-list 101 permit ip any any) must follow, or all other traffic is blocked as well. |
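The rules this set describes (wildcard-mask matching, top-down first match, the implicit deny any, standard versus extended syntax, and what applying an ACL to an interface does) are easier to see in a working model. The Python simulator below is an added example written for this page; it is not Cisco code and not an IOS feature. It parses the classic numbered syntax used in the flashcards (1 to 99 standard, 100 to 199 extended) and evaluates constructed packets against ACL 1 and ACL 101 from the cards; the trailing `permit ip any any` line, the port-name table and the sample packets are assumptions of the example.

```python
"""Model of Cisco IOS numbered-ACL evaluation: wildcard masks, top-down first
match, implicit deny, and interface application. Added example, not Cisco
code; only the classic numbered syntax (1-99 standard, 100-199 extended)
shown in the flashcards is handled."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                     # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None


# Subset of the well-known names IOS accepts after "eq" (assumption of the example).
PORT_NAMES = {"telnet": 23, "ftp": 21, "smtp": 25, "domain": 53, "www": 80}


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bit 0 = check, bit 1 = ignore: addr matches base on every checked bit."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    checked = ~w & 0xFFFFFFFF
    return (a & checked) == (b & checked)


def _parse_addr(t: List[str], i: int) -> Tuple[Tuple[str, str], int]:
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' starting at t[i]."""
    if t[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if t[i] == "host":
        return (t[i + 1], "0.0.0.0"), i + 2
    return (t[i], t[i + 1]), i + 2


def _parse_port(t: List[str], i: int) -> Tuple[Optional[int], int]:
    """Consume an optional 'eq <number|name>' at t[i]."""
    if i < len(t) and t[i] == "eq":
        p = t[i + 1]
        return (int(p) if p.isdigit() else PORT_NAMES[p]), i + 2
    return None, i


def parse_statement(line: str) -> dict:
    """Parse one 'access-list N permit|deny ...' statement into a match entry."""
    t = line.split()
    if t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError("not an access-list statement: " + line)
    number = int(t[1])
    e = {"number": number, "action": t[2], "sport": None, "dport": None}
    if 1 <= number <= 99:          # standard: source only, whole IP suite
        e["proto"] = "ip"
        if t[3] in ("any", "host") or len(t) > 4:
            e["src"], _ = _parse_addr(t, 3)
        else:                      # bare address: IOS assumes a 0.0.0.0 wildcard
            e["src"] = (t[3], "0.0.0.0")
        e["dst"] = ("0.0.0.0", "255.255.255.255")
    elif 100 <= number <= 199:     # extended: protocol, source, destination, ports
        e["proto"] = t[3]
        e["src"], i = _parse_addr(t, 4)
        e["sport"], i = _parse_port(t, i)
        e["dst"], i = _parse_addr(t, i)
        e["dport"], i = _parse_port(t, i)
    else:
        raise ValueError("only numbers 1-99 and 100-199 are modelled")
    return e


def matches(e: dict, pkt: Packet) -> bool:
    """True when every field the statement specifies matches the packet."""
    if e["proto"] != "ip" and e["proto"] != pkt.proto:
        return False
    if not wildcard_match(pkt.src, *e["src"]) or not wildcard_match(pkt.dst, *e["dst"]):
        return False
    if e["sport"] is not None and e["sport"] != pkt.sport:
        return False
    return e["dport"] is None or e["dport"] == pkt.dport


def evaluate(acl: List[str], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Top-down, first match wins: returns (action, 1-based statement number).
    No match returns ("deny", None), the implicit deny any."""
    for n, line in enumerate(acl, 1):
        e = parse_statement(line)
        if matches(e, pkt):
            return e["action"], n
    return "deny", None


def interface_verdict(acls: Dict[int, List[str]], applied: Optional[int], pkt: Packet) -> str:
    """Verdict on one interface/direction ('ip access-group N in|out').
    No ACL applied, or an applied number whose statements were removed with
    'no access-list N', passes everything: IOS treats a missing ACL as permit
    all (documented IOS behaviour, not stated in the flashcards)."""
    if applied is None or not acls.get(applied):
        return "permit"
    return evaluate(acls[applied], pkt)[0]


# Constructed sample data: ACL 1 and the first line of ACL 101 come from the
# flashcards; 'permit ip any any' is added so ACL 101 does not block everything.
ACL_1 = ["access-list 1 permit host 172.30.16.29"]
ACL_101 = ["access-list 101 deny tcp 172.16.4.0 0.0.0.255 any eq 23",
           "access-list 101 permit ip any any"]
TELNET = Packet("tcp", "172.16.4.10", "10.0.0.5", dport=23)
HTTP = Packet("tcp", "172.16.4.10", "10.0.0.5", dport=80)

if __name__ == "__main__":
    print(evaluate(ACL_101, TELNET))                      # ('deny', 1)
    print(evaluate(ACL_101, HTTP))                        # ('permit', 2)
    print(evaluate(list(reversed(ACL_101)), TELNET))      # ('permit', 1): order matters
    print(evaluate(ACL_101[:1], HTTP))                    # ('deny', None): implicit deny
    print(interface_verdict({101: ACL_101}, 50, TELNET))  # 'permit': ACL 50 does not exist
```

Reversing ACL 101 shows why statement order matters: the broad permit then matches first and the Telnet deny is never reached. Evaluating ACL 101 with only its deny line shows the implicit deny swallowing everything else, and `interface_verdict` with a number that has no statements shows the unfiltered-interface trap after `no access-list`.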