Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

standard access-list

Hi every body!

This is my first questions towards routing exam's preparation(CCNP).

If i configure "access-list 10 permit 192.192.192.0"

Since i did not use the wild card mask,"0.0.0.0" wild card mask(According to my book)will be assumed. Is it correct ?

thanks a lot!

3 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Blue

Re: standard access-list

Sarah

Does that mean you passed the switching exam ?

The answer to your question is yes. With a standard acl the default mask is 0.0.0.0 altho note that you are unlikely to get a match as 192.192.192.0 is not a host address.

Jon

Hall of Fame Super Gold

Re: standard access-list

99.9% It is not, but it might be an host address, however one cannot tell w/ knowing the mask of the subnet.

I'm saying that just in case a future question/interview tricks you into something similar.

Hall of Fame Super Blue

Re: standard access-list

Sarah

Firstly, congratulations on passing your switching exam. Never doubted that you would :-)

Remember with acl's that there is an explicit deny at the end of all access-lists.

That said if you used a deny line in your acl then it would simply not carry out whatever set action you have included in your route-map.

Jon

5 REPLIES
Hall of Fame Super Blue

Re: standard access-list

Sarah

Does that mean you passed the switching exam ?

The answer to your question is yes. With a standard acl the default mask is 0.0.0.0 altho note that you are unlikely to get a match as 192.192.192.0 is not a host address.

Jon

Hall of Fame Super Gold

Re: standard access-list

99.9% It is not, but it might be an host address, however one cannot tell w/ knowing the mask of the subnet.

I'm saying that just in case a future question/interview tricks you into something similar.

Hall of Fame Super Blue

Re: standard access-list

Paolo

Good catch, thanks for pointing that out.

Jon

Bronze

Re: standard access-list

Thanks Jon ! Yes i did pass the exam with your and other net pros's help. For that, i am very grateful to you.

Let me get back to question.

access lists are used to:

1)filter traffic.

2)to select traffic(e.g route map use access list to select particular packets for manipulation)

My focus is when we select traffic for manipluation( such as setting the qos, next hop ), we always use " permit".

For example.

access-list 10 permit host 199.199.199.1

vlan access-map zee 20

match ip address 10

action forward.

vlan filter zee vlan-list 2

What would be the implication if i had used " access-list 10 deny host 199.199.199.1" ?

I understand that this is different question, as I am scared of starting a new thread for the question.

Thanks a lot!

Hall of Fame Super Blue

Re: standard access-list

Sarah

Firstly, congratulations on passing your switching exam. Never doubted that you would :-)

Remember with acl's that there is an explicit deny at the end of all access-lists.

That said if you used a deny line in your acl then it would simply not carry out whatever set action you have included in your route-map.

Jon

242
Views
0
Helpful
5
Replies