standard access-list

Answered Question
Feb 18th, 2009

Hi every body!

This is my first questions towards routing exam's preparation(CCNP).

If i configure "access-list 10 permit 192.192.192.0"

Since i did not use the wild card mask,"0.0.0.0" wild card mask(According to my book)will be assumed. Is it correct ?

thanks a lot!

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 7 years 11 months ago

Sarah

Firstly, congratulations on passing your switching exam. Never doubted that you would :-)

Remember with acl's that there is an explicit deny at the end of all access-lists.

That said if you used a deny line in your acl then it would simply not carry out whatever set action you have included in your route-map.

Jon

Correct Answer by Paolo Bevilacqua about 7 years 11 months ago

99.9% It is not, but it might be an host address, however one cannot tell w/ knowing the mask of the subnet.

I'm saying that just in case a future question/interview tricks you into something similar.

Correct Answer by Jon Marshall about 7 years 11 months ago

Sarah

Does that mean you passed the switching exam ?

The answer to your question is yes. With a standard acl the default mask is 0.0.0.0 altho note that you are unlikely to get a match as 192.192.192.0 is not a host address.

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
Jon Marshall Wed, 02/18/2009 - 14:49

Sarah

Does that mean you passed the switching exam ?

The answer to your question is yes. With a standard acl the default mask is 0.0.0.0 altho note that you are unlikely to get a match as 192.192.192.0 is not a host address.

Jon

Correct Answer
Paolo Bevilacqua Wed, 02/18/2009 - 14:57

99.9% It is not, but it might be an host address, however one cannot tell w/ knowing the mask of the subnet.

I'm saying that just in case a future question/interview tricks you into something similar.

sarahr202 Wed, 02/18/2009 - 17:21

Thanks Jon ! Yes i did pass the exam with your and other net pros's help. For that, i am very grateful to you.

Let me get back to question.

access lists are used to:

1)filter traffic.

2)to select traffic(e.g route map use access list to select particular packets for manipulation)

My focus is when we select traffic for manipluation( such as setting the qos, next hop ), we always use " permit".

For example.

access-list 10 permit host 199.199.199.1

vlan access-map zee 20

match ip address 10

action forward.

vlan filter zee vlan-list 2

What would be the implication if i had used " access-list 10 deny host 199.199.199.1" ?

I understand that this is different question, as I am scared of starting a new thread for the question.

Thanks a lot!

Correct Answer
Jon Marshall Thu, 02/19/2009 - 02:34

Sarah

Firstly, congratulations on passing your switching exam. Never doubted that you would :-)

Remember with acl's that there is an explicit deny at the end of all access-lists.

That said if you used a deny line in your acl then it would simply not carry out whatever set action you have included in your route-map.

Jon

Actions

This Discussion