how many ways to enter an acl
whoflungdung88
Member Posts: 15 ■□□□□□□□□□
in CCNA & CCENT
Ok here is the deal.
I have been working on my routers at home and at work building and tearing down acl's. I am going to point out an extended since this is where I have been told some confusing information.
below is a sample as to how I have been entering an extended acl
Router1(config)#ip access-list extended 101
Router1(config-ext-nacl)#deny tcp 22.6.21.1 0.0.0.0 22.6.22.2 0.0.0.0 eq ftp log
Router1(config-ext-nacl)#permit ip any any
So I have a friend that tells me that he normally inputs
Router1(config)#ip access-list 101 deny tcp 22.6.21.1 0.0.0.0 22.6.22.2 0.0.0.0 ftp log
Router1(config-ext-nacl)#permit ip any any
I pretty much replied back to him that as first acl written, is how I have been practicing. So now I am kinda freaked cuz I have the test coming up tomorrow and I am afraid that I might get stuck with an acl sim and think I have it down right, but mess up on it. So can anybody give me any advice whether or not I am using an outdated IOS image and memorizing an older command?
uummmmm yeah
Comments
-
wait2dominate Member Posts: 74 ■■□□□□□□□□
I've only seen/written it the way you wrote.
Not to add confusion, but you could also write the middle line as
Router1(config-ext-nacl)#deny tcp host 22.6.21.1 host 22.6.22.2 eq ftp log
Brake lights are a sign your car doesn't handle well enough.
CCNP or MCSE is next to come.
-
tech-airman Member Posts: 953
whoflungdung88,
What is the purpose of the ACL?
-
whoflungdung88 Member Posts: 15 ■□□□□□□□□□
Yeah, that's what I was thinking. Can anyone else that has taken the exam confirm this for me?
What made me bring this question up to my friend is that I am using a study site that he recommends. (He has his CCNP now.)
So I come up to these practice sims on this site. I know that some sims will act funny and either be incorrect, or straight up glitchy with configs. (Thus reminding me of the statement, you can't beat the real deal go and buy yourself some routers.) And that site also says do it the way my friend is telling me to do it. I simply just can't afford to learn by trial and error, exactly what way is Cisco's way of correctly putting in an extended acl for this CCNA test. *Le Sigh*
uummmmm yeah
-
whoflungdung88 Member Posts: 15 ■□□□□□□□□□
tech-airman wrote:
> whoflungdung88,
> What is the purpose of the ACL?
The purpose of an acl can be for administrating access to network resources. Filtering traffic across various interfaces either for load balancing, manipulation for route maps via eBGP and iBGP. I mean, that's what I can think of off my head from my experience with them.
uummmmm yeah
-
georgemc Member Posts: 429
I've always done it the way your friend showed you. But I'm rather old-school; the way you're doing it, which is a named ACL, wasn't introduced until later on. You should be able to recognize both methods as valid ways to enter an ACL. Also, the "101" that you placed in your command is actually a text string. Use help at the command prompt to clarify what I'm talking about. The key word EXTENDED negates the need for the access-list numbers. BTW, which book are you referencing that doesn't cover both methods?
WGU BS: Business - Information Technology Management
Start Date: 01 October 2012
QFT1,PFIT in progress.
TRANSFERRED/COMPLETED: AGC1,BBC1,LAE1,QBT1,LUT1,QLC1,QMC1,QLT1,IWC1,INC1,INT1,BVC1,CLC1,MGC1, CWV1 BNC1, LIT1,LWC1,QAT1,WFV1,EST1,EGC1,EGT1,IWT1,MKC1,MKT1,RWT1,FNT1,FNC1, BDC1,TPV1 REQUIRED:
-
tech-airman Member Posts: 953
whoflungdung88 wrote:
> The purpose of an acl can be for administrating access to network resources. Filtering traffic across various interfaces either for load balancing, manipulation for route maps via eBGP and iBGP. I mean, that's what I can think of off my head from my experience with them.
whoflungdung88,
I asked what _is_ the purpose of the ACL and not what it "can be" for. Without a clear understanding of your goal, I'm sorry to say it almost doesn't matter how it's configured.
-
whoflungdung88 Member Posts: 15 ■□□□□□□□□□
georgemc wrote:
> I've always done it the way your friend showed you. But I'm rather old-school; the way you're doing it, which is a named ACL, wasn't introduced until later on. You should be able to recognize both methods as valid ways to enter an ACL. Also, the "101" that you placed in your command is actually a text string. Use help at the command prompt to clarify what I'm talking about. The key word EXTENDED negates the need for the access-list numbers. BTW, which book are you referencing that doesn't cover both methods?
Right now I am looking at the "SYBEX 5th Edition for the 640-801" book. It's pretty much saying the same thing too.
uummmmm yeah
-
whoflungdung88 Member Posts: 15 ■□□□□□□□□□
tech-airman wrote:
> whoflungdung88,
> I asked what _is_ the purpose of the ACL and not what it "can be" for. Without a clear understanding of your goal, I'm sorry to say it almost doesn't matter how it's configured.
Yeah sorry bout that. I read the question too fast I guess, ma bad. Well, I can already set up an acl on my routers and get the desired results that I am looking for. *Hence on my own routers here at home* but like I said, there seem to be two different ways to put in an "extended acl". I know nobody can straight up tell me what the details are going to be as far as the simulation for the actual exam. So I am trying to figure out what way is the correct way for the exam.
uummmmm yeah
-
Netstudent Member Posts: 1,693 ■■■□□□□□□□
They are both valid methods. One is a named access-list and one is not named. The good thing about a named access-list is you can modify it without having to delete the whole access-list. I haven't taken the test, but what I have gathered is that you should use the method of access-list 101 deny/permit .... etc. etc. UNLESS the question specifies to use a named access list. If they wanted to test your ability to identify and implement a named access-list, then the question would probably say, "create a named access-list". Anyways good luck!
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
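
The two entry styles discussed in this thread, side by side, as an added example that is not part of any post: the numbered form Netstudent describes (access-list 101 deny/permit ...) and the named-mode form from the original post, using the addresses from the thread. The interface name and the sequence numbers are assumptions, and editing by sequence number assumes an IOS release that supports ACL sequence numbering.

```cisco
! Added example (not from the thread). Addresses are the ones in the original post.
! Use one style or the other on a given router, not both.
!
! --- Style 1: numbered ACL, every entry typed in global configuration mode ---
Router1(config)#access-list 101 deny tcp host 22.6.21.1 host 22.6.22.2 eq ftp log
Router1(config)#access-list 101 permit ip any any
!
! "host 22.6.21.1" and "22.6.21.1 0.0.0.0" match the same single address.
! "eq ftp" matches TCP port 21, the FTP control channel.
! Without the final permit, the implicit "deny ip any any" drops everything else.
!
! --- Style 2: the same list entered in named-ACL configuration mode ---
Router1(config)#ip access-list extended 101
Router1(config-ext-nacl)#deny tcp host 22.6.21.1 host 22.6.22.2 eq ftp log
Router1(config-ext-nacl)#permit ip any any
Router1(config-ext-nacl)#end
!
! Either style produces the same entries; check with:
Router1#show access-lists 101
!
! --- Editing one entry without deleting the list (named mode) ---
! Assumption: entries were auto-numbered 10, 20, ... by ACL sequence numbering.
! Here entry 10 is re-entered without the "log" keyword.
Router1(config)#ip access-list extended 101
Router1(config-ext-nacl)#no 10
Router1(config-ext-nacl)#10 deny tcp host 22.6.21.1 host 22.6.22.2 eq ftp
Router1(config-ext-nacl)#end
!
! By contrast, "no access-list 101" in global configuration mode removes the whole list.
!
! --- An ACL filters nothing until it is applied (interface name is an assumption) ---
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip access-group 101 in
```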