Top 24 Access Control List Interview Questions - Jul 25, 2022

Q1. Which Traffic Is Not Filtered By ACL?

Traffic that is generated by the router itself. An ACL filters only transit traffic.

Q2. What Is At The End Of Each Access List?

At the end of each access list, there is an implicit deny statement denying any packet for which a match has not been found in the access list.

Q3. What Is ACL?

An Access Control List is a packet filtering technique that filters IP packets based on source and destination address. It is a set of rules and conditions that permit or deny IP packets to exercise control over network traffic.

Q4. What Is The Difference Between Access-group And Access-class Command?

The access-group command is used to filter traffic on an interface (Ethernet, Serial).

The access-class command is used to filter traffic on lines (VTY, console, aux).

Q5. What Is The Function Of Access-list?

An access list filters incoming as well as outgoing traffic on the router interface.

Q6. What Is The Default Action Of ACL, If No Condition Matches In ACL?

Drop the traffic.

Q7. In Which Directions We Can Apply An Access List?

We can apply an access list in two directions:

IN - ip access-group 10 in

OUT - ip access-group 10 out

Q8. How To Permit Or Deny Specific Host In ACL?

Using a wildcard mask "0.0.0.0"

Example: 192.168.1.1 0.0.0.0

or

Using the keyword "host"

Example: host 192.168.1.1

Q9. How Access Lists Are Processed?

Access lists are processed in sequential, logical order, evaluating packets from the top down, one statement at a time. As soon as a match is made, the permit or deny option is applied, and the packet is not evaluated against any more access list statements. Because of this, the order of the statements within any access list is significant. There is an implicit "deny" at the end of each access list, which means that if a packet does not match the condition on any of the lines in the access list, the packet will be discarded.

Q10. What Is The Difference Between IPv4 ACL And IPv6 ACL?

No standard ACL in IPv6

No wildcard mask in IPv6 ACL

In IPv6 only named ACLs are available; there is no numbered ACL.

Q11. What Is The Difference Between Numbered ACL And Named ACL?

A numbered ACL is created by using a number; a named ACL is created by using a name.

Removing a specific statement is not possible in a numbered ACL; it is possible in a named ACL.

Q12. What Are The Advantages Of Standard ACL?

Simple Packet Filtering Purpose

Limiting Access on VTY lines

Route Filtering

NAT

Route maps

Q13. Difference Between Inbound Access-list And Outbound Access-list?

When an access list is applied to inbound packets on an interface, those packets are first processed through the ACL and then routed. Any packets that are denied won't be routed. When an access list is applied to outbound packets on an interface, those packets are first routed to the outbound interface and then processed through the ACL.

Q14. What Is The Default Wildcard Mask For Access-list?

The default wildcard mask for an access list is 0.0.0.0

Q15. What Are The Advantages Of Extended ACL?

Complex Packet Filtering Purpose

Route Filtering

VPN

TCP Intercept

IOS Firewall

Q16. How Many Access-lists Can Be Created On The Router?

1 per interface

1 per direction

1 per protocol

Q17. What Is Wildcard Mask?

A wildcard mask is used with an ACL to specify an individual host, a network, or a range of networks. Wherever a 0 is present, it indicates that the octet in the address must match the corresponding reference exactly. Wherever a 255 is present, it indicates that those octets need not be evaluated.

A wildcard mask is exactly the opposite of a subnet mask.

Example: For /24

Subnet Mask - 255.255.255.0

Wildcard Mask - 0.0.0.255
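
The wildcard matching described in Q17 and the top-down, first-match processing with implicit deny described in Q9 can be modelled together. This is an added example, not from the original page; it generalizes the octet rule to individual bits (0 bit = must match, 1 bit = ignore), and the function names and sample ACLs are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, ref, wildcard):
    """True when addr equals ref in every bit where the wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    r = int(ipaddress.IPv4Address(ref))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF            # bits that must match exactly
    return (a & care) == (r & care)

def subnet_to_wildcard(mask):
    """Invert a subnet mask, e.g. 255.255.255.0 -> 0.0.0.255."""
    m = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(~m & 0xFFFFFFFF))

def evaluate(acl, src):
    """Walk the entries top-down; the first match decides.

    Returns (action, line_number). When nothing matches, the implicit
    deny at the end of every access list applies and line_number is None.
    """
    for line_no, (action, ref, wildcard) in enumerate(acl, start=1):
        if wildcard_match(src, ref, wildcard):
            return action, line_no
    return "deny", None

# Constructed sample standard ACL (source address only).
ACL_A = [
    ("deny",   "192.168.1.1", "0.0.0.0"),    # same as "host 192.168.1.1"
    ("permit", "192.168.1.0", "0.0.0.255"),  # the rest of the /24
]
# Same statements in reverse order: the broad permit now matches first,
# so the host deny below it is never reached.
ACL_B = list(reversed(ACL_A))

if __name__ == "__main__":
    for name, acl in (("ACL_A", ACL_A), ("ACL_B", ACL_B)):
        for src in ("192.168.1.1", "192.168.1.50", "10.0.0.5"):
            print(name, src, evaluate(acl, src))
```

Reviewing an ACL for shadowed entries like the one in ACL_B is a common audit step, since the hit counts on an unreachable line stay at zero.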

Q18. What Are Different Types Of ACL?

There are two main types of access lists:

Standard Access List.

Extended Access List.

Q19. Difference Between #sh Access-list Command And #sh Run Access-list Command?

#sh access-list shows the number of hit counts.

#sh run access-list does not show the number of hit counts.

Q20. Explain Extended Access List?

An extended access list filters network traffic based on the source IP address, destination IP address, protocol field in the Network layer, and port number field at the Transport layer. Extended access lists range from 100 to 199, and 2000-2699 in the expanded range.

An extended access list should be placed as close to the source as possible. Since an extended access list filters traffic based on specific addresses (source IP, destination IP) and protocols, we don't want our traffic to traverse the entire network just to be denied, wasting bandwidth.

Example:

R1(config)# access-list 110 deny tcp any host 192.168.1.1 eq 23

R1(config)# int fa0/0

R1(config-if)# ip access-group 110 in

Q21. Explain Named ACL And Its Advantages Over Number ACL?

It is just another way of creating standard and extended ACLs. In a named ACL, names are given to identify the access list.

It has the following advantage over a numbered ACL: in a named ACL we can give a sequence number, which means we can insert a new statement in the middle of the ACL.

Example:

R1(config)# ip access-list extended CCNA

R1(config-ext-nacl)# 15 permit tcp host 10.1.1.1 host 20.1.1.1 eq 23

R1(config-ext-nacl)# exit

This will insert the above statement at line 15.

R1(config)# int fa0/0

R1(config-if)# ip access-group CCNA in

Q22. Explain Standard Access List?

A standard access list examines only the source IP address in an IP packet to permit or deny that packet. It cannot match any other field in the IP packet. A standard access list can be created using the access-list numbers 1-99 or in the expanded range of 1300-1999.

A standard access list should be applied close to the destination. As we are filtering based only on source address, if we put the standard access list close to the source host or network then nothing would be forwarded from the source.

Example:

R1(config)# access-list 10 deny host 192.168.1.1

R1(config)# int fa0/0

R1(config-if)# ip access-group 10 in

Q23. How Many Access Lists Can Be Applied To An Interface On A Cisco Router?

We can assign only one access list per interface per protocol per direction, which means that when creating IP access lists, we can have only one inbound access list and one outbound access list per interface. Multiple access lists are permitted per interface, but they must be for a different protocol.

Q24. What Is The Difference Between Standard ACL And Extended ACL?

A standard ACL only checks the source IP address; an extended ACL checks source IP, destination IP and protocol also for filtering traffic.

A standard ACL can be created using a number (1-99, 1300-1399) and an extended ACL can be created using a number (100-199, 2000-2699).

Two-way communication is blocked in a standard ACL; one-way communication is stopped in an extended ACL.

A standard ACL is applied close to the destination; an extended ACL is applied close to the source.



