standard access-list

Answered Question
Feb 18th, 2009

Hi everybody!

This is my first question towards the routing exam's preparation (CCNP).


If I configure "access-list 10 permit 192.192.192.0"

Since I did not use the wildcard mask, a "0.0.0.0" wildcard mask (according to my book) will be assumed. Is it correct?


Thanks a lot!

Correct Answer
Jon Marshall Wed, 02/18/2009 - 14:49

Sarah


Does that mean you passed the switching exam?


The answer to your question is yes. With a standard ACL the default mask is 0.0.0.0, although note that you are unlikely to get a match as 192.192.192.0 is not a host address.


Jon

Correct Answer
paolo bevilacqua Wed, 02/18/2009 - 14:57

99.9% it is not, but it might be a host address; however, one cannot tell w/ knowing the mask of the subnet.


I'm saying that just in case a future question/interview tricks you into something similar.

Jon Marshall Wed, 02/18/2009 - 15:00

Paolo


Good catch, thanks for pointing that out.


Jon
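
The matching rule discussed in the replies above, as an added example that is not part of the original thread: a standard ACL entry with no wildcard mask compares all 32 bits, and whether 192.192.192.0 can be a host's address depends on the subnet mask. The helper names (`parse_entry`, `evaluate`, `is_host_address`) are hypothetical and the sample entries are constructed from the address in the question.

```python
import ipaddress

def parse_entry(line):
    """Parse 'access-list N permit|deny [host] ADDR [WILDCARD]' (standard ACL)."""
    tokens = line.split()
    action, rest = tokens[2], tokens[3:]
    if rest[0] == "any":
        addr, wildcard = "0.0.0.0", "255.255.255.255"
    else:
        if rest[0] == "host":
            rest = rest[1:]
        addr = rest[0]
        # Omitted wildcard mask is treated as 0.0.0.0: every bit must match.
        wildcard = rest[1] if len(rest) > 1 else "0.0.0.0"
    return action, int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wildcard))

def evaluate(acl_lines, source):
    """Return 'permit' or 'deny' for a source address, first match wins."""
    src = int(ipaddress.IPv4Address(source))
    for line in acl_lines:
        action, addr, wildcard = parse_entry(line)
        care = ~wildcard & 0xFFFFFFFF  # wildcard 0-bits are the bits compared
        if (src & care) == (addr & care):
            return action
    return "deny"  # no entry matched: the deny at the end of the list applies

def is_host_address(addr, prefixlen):
    """True if addr is usable by a host on a subnet with this prefix length."""
    iface = ipaddress.IPv4Interface(f"{addr}/{prefixlen}")
    if prefixlen >= 31:  # /31 and /32 have no separate network/broadcast address
        return True
    net = iface.network
    return iface.ip not in (net.network_address, net.broadcast_address)

# Constructed sample entries based on the address in the question.
NO_WILDCARD = ["access-list 10 permit 192.192.192.0"]
WITH_WILDCARD = ["access-list 10 permit 192.192.192.0 0.0.0.255"]

if __name__ == "__main__":
    for src in ("192.192.192.0", "192.192.192.1"):
        print(src, evaluate(NO_WILDCARD, src), evaluate(WITH_WILDCARD, src))
    for plen in (24, 16):
        print(f"192.192.192.0/{plen} host address:", is_host_address("192.192.192.0", plen))
```
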

sarahr202 Wed, 02/18/2009 - 17:21

Thanks Jon! Yes, I did pass the exam with your and other net pros' help. For that, I am very grateful to you.


Let me get back to the question.

Access lists are used to:

1) filter traffic.

2) select traffic (e.g. a route map uses an access list to select particular packets for manipulation).


My focus is on when we select traffic for manipulation (such as setting the QoS, next hop); we always use "permit".

For example:

access-list 10 permit host 199.199.199.1

vlan access-map zee 20
 match ip address 10
 action forward

vlan filter zee vlan-list 2


What would be the implication if I had used "access-list 10 deny host 199.199.199.1"?


I understand that this is a different question, as I am scared of starting a new thread for the question.

Thanks a lot!





Correct Answer
Jon Marshall Thu, 02/19/2009 - 02:34

Sarah


Firstly, congratulations on passing your switching exam. Never doubted that you would :-)


Remember with ACLs that there is an explicit deny at the end of all access-lists.


That said, if you used a deny line in your ACL then it would simply not carry out whatever set action you have included in your route-map.


Jon
