
Which cmd do we need to know for Access lists?

lon21 Member Posts: 201
Just saw the CBT Nuggets videos and there are two types of commands which allow you to configure the access list on a router.

1. access-list
2. ip access-list

The second cmd allows you to edit the access list and also use TEXT to name them instead of numbers.

Which one would we need to know for the exam, or will we get marks if you use either?

Thanks

Comments

  • Panzer919 Member Posts: 462
    It all depends on what SPECIFICALLY they are asking. You need to know why and when to use one over the other.

    If a question says you need to create an ACL that uses A,B, and D but not C then you have to figure out which one you can do that with.
    Cisco Brat Blog

    I think “very senior” gets stuck in there because the last six yahoos that applied for the position couldn’t tell a packet from a Snickers bar.

    Luck is where opportunity and proper planning meet

    I have not failed. I've just found 10,000 ways that won't work.
    Thomas A. Edison
  • lon21 Member Posts: 201
    The video says you can use both?
  • CodeBlox Member Posts: 1,363
    Probably both. With the first, you just don't get to use named ACLs, nor do you get to use the idea of "sequenced ACLs" where you can add a specific entry into the ACL with a sequence number.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • ccnxjr Member Posts: 304
    Learn both, but don't get *stuck* there, it will take some time to master.
    If you try and cram it all over a weekend you might remember most on Monday, and less on Tuesday and none by Friday.
    This is something that requires constant review, especially if you're not using it frequently.

    You may be given either command and asked if it's flawed in any way or to describe its purpose.
    Or you may be presented with a network diagram and asked to pick an ACL and appropriate interface to place it to achieve some objective like block SSH but allow web-traffic.

    I wonder if there's a site like subnettingquestions.com - Free Subnetting Questions and Answers Randomly Generated Online but for ACLs?
  • instant000 Member Posts: 1,745
    lon21 wrote: »
    Just saw the CBT Nuggets videos and there are two types of commands which allow you to configure the access list on a router.

    1. access-list
    2. ip access-list

    The second cmd allows you to edit the access list and also use TEXT to name them instead of numbers.

    Which one would we need to know for the exam, or will we get marks if you use either?

    Thanks

    According to the Exam Blueprint:
    - Describe the purpose and types of ACLs
    - Configure and apply ACLs based on network filtering requirements using SDM and CLI
    - Configure and apply an ACL to limit telnet and SSH access to the router using SDM and CLI
    - Verify and monitor ACLs in a network environment
    - Troubleshoot ACL issues



    I interpret that to mean that you need to know both.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • ChooseLife Member Posts: 941
    This doc covers different ACL types:
    Configuring IP Access Lists - Cisco Systems
    Reading it and making sure you understand/remember every bit of it should have you covered for the ACL portion of CCNA.
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • lon21 Member Posts: 201
    ccnxjr wrote: »
    Learn both, but don't get *stuck* there, it will take some time to master.
    If you try and cram it all over a weekend you might remember most on Monday, and less on Tuesday and none by Friday.
    This is something that requires constant review, especially if you're not using it frequently.

    You may be given either command and asked if it's flawed in any way or to describe its purpose.
    Or you may be presented with a network diagram and asked to pick an ACL and appropriate interface to place it to achieve some objective like block SSH but allow web-traffic.

    I wonder if there's a site like subnettingquestions.com - Free Subnetting Questions and Answers Randomly Generated Online but for ACLs?

    Thanks,

    But what happens if there is a question in sims which wants you to type the command, which one would you use then?
  • Chris_ Member Posts: 326
    Just make sure you know both. I have a personal preference for named access Lists but have never been able to enter them in an exam sim. The sims can be trial and error and not all commands are supported, especially show commands -
    The main point is that you should know both methods anyway!
    Going all out for Voice. Don't worry Data; I'll never forget you
    :study: CVoice [X] CIPT 1 [ ] CIPT 2 [ ] CAPPS [ ] TVOICE [ ]
  • ccnxjr Member Posts: 304
    lon21 wrote: »
    Thanks,

    But what happens if there is a question in sims which wants you to type the command, which one would you use then?

    Good question!

    I can't speak on behalf of Cisco; I would probably ask that on the Cisco Learning Network CCNA study group
    https://learningnetwork.cisco.com/groups/ccna-study-group
    free to register.

    Personally, I'd pay close attention to the wording of the particular question and read all questions in their entirety!
    If it does specify implementing a NAMED access list, or somewhere in the specifications they want you to give the access list a name, use ip access-list

    If they give you an access list number, use access-list
    You should be comfortable with using both,
    Take your time and practice.
  • lon21 Member Posts: 201
    Guys when I type show access-list I can't see the seq numbers?

    My software is Version 12.3(8r)T8
  • onesaint Member Posts: 801
    I think this is just the old command vs new command. See here.

    AFAIK, named ACLs allow you to edit lines within the ACL while numbered only allow you to remove the entire ACL. Although per the above link, it's posted that the newer command allows you to edit older ACLs' line items and reorder them. Through the Network Academy work I only recall using the "IP access-list" command.
    Work in progress: picking up Postgres, elastisearch, redis, Cloudera, & AWS.
    Next up: eventually the RHCE and to start blogging again.

    Control Protocol; my blog of exam notes and IT randomness
  • ccnxjr Member Posts: 304
    Seems to work on GNS3 IOS version 12.3(26) on a Cisco 2600 series router.
    Haven't been able to see the sequence #'s using packet tracer 5.2 or 5.3 on any of the routers.
  • Michael2 Member Posts: 305
    Why would you want to name an access list?

    My advice is to use the first one. Then you can do a show command and just edit out the one you don't want. Watch the video again.
  • Michael2 Member Posts: 305
    You're right, lon21. I watched that video again and found that it is necessary to know both commands. The first allows you to simply create an access list, but the second allows you to enter nacl mode, which is necessary to edit access lists. It's also a good idea to use that mode to give your access list a descriptive name such as DENY GRPA.
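
Added example, not part of any post in this thread: the two command forms discussed above written side by side for the "block SSH but allow web-traffic" objective and the blueprint item on limiting telnet/SSH access to the router. The ACL numbers and name, the interface and the 192.0.2.0/24 management range are assumptions chosen for illustration.

```cisco
! --- Form 1: numbered ACL, built line by line in global config ---
! Entries are evaluated top-down; an implicit "deny ip any any" ends every ACL.
access-list 101 deny   tcp any any eq 22
access-list 101 permit tcp any any eq www
! "no access-list 101" deletes the entire list, not one entry.
!
! --- Form 2: named ACL, entered in nacl (config-ext-nacl) mode ---
ip access-list extended WEB-NOT-SSH
 remark Block SSH, allow web traffic
 10 deny   tcp any any eq 22
 20 permit tcp any any eq www
!
! Sequence numbers allow single-entry edits: this line lands between 10 and 20.
ip access-list extended WEB-NOT-SSH
 15 deny   tcp any any eq telnet
! "no 15" in the same mode would remove only that entry.
!
! On releases with ACL sequence numbering, a numbered ACL can be opened
! in the same mode and edited per entry:
ip access-list extended 101
 5 permit tcp 192.0.2.0 0.0.0.255 any eq 22
!
! An ACL filters nothing until it is applied (assumed interface name).
interface FastEthernet0/0
 ip access-group WEB-NOT-SSH in
!
! Limit telnet/SSH to the router itself: standard ACL on the vty lines.
! 192.0.2.0/24 is a constructed management range.
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 10 in
!
! Verify (run from privileged EXEC):
!   show access-lists
!   show ip interface FastEthernet0/0
```

Entry 5 in list 101 shows why order matters: it is placed ahead of the SSH deny, so the management range is permitted before the deny is evaluated.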