| A | B |
|---|
| Using named ACLs allows you to | modify your ACLs without deleting and then reconfiguring them. |
| Named ACLs are not compatible with Cisco | IOS releases prior to Release 11.2. |
| It is illegal to specify a standard ACL named George and | an extended ACL with the same name. |
| To remove a deny condition from an ACL use | no deny |
| 600-699 | Apple Talk |
| 1-99 | standard IP |
| 100-199 | extended IP |
| 800-899 | standard IPX |
| 900-999 | extended IPX |
| 1000-1099 | IPX SAP |
| ACLs can control | most protocols on a Cisco router |
| You can specify only one ACL per | protocol per interface |
| For some protocols, you can group up to | two ACLs to an interface: one inbound ACL and one outbound ACL. |
| For some protocols, you group | only one ACL, which checks both inbound and outbound packets |
| An ACL is inbound, when the router receives a packet | receives a packet |
| If the packet is permitted, the router software continues to process the packet | process the packet |
| If the packet is denied, the router software | discards the packet by placing it in the bit bucket |
| put the extended ACL as close as possible to | the source of traffic denied |
| Standard ACLs can only filter | using source address (not destination addresses |
| Standard ACLs should be put | as close to the destination as possible |
| ACLs are used to | control traffic by filtering packets and eliminating unwanted traffic at a destination |
| The role of ACLs in border routers is to | act as firewalls |
| The firewall router provides a point | of isolation so that the rest of the internal network structure is not affected by the outside world |
| border routers | routers situated on the boundaries of the network |
| A firewall architecture | a structure that exists between you and the outside world to protect you from intruders |
| show ip interface | displays IP interface information and indicates whether any ACLs are set |
| show access-lists | displays the contents of all ACLs |
