Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
CCNA Interview Quest
CCNA Interview Questions and Answers part one
| Question | Answer | Answer | Answer |
|---|---|---|---|
| List the Layers of O S I Model? | Application Layer, Presentation Layer, Session Layer, | Transport Layer,Network Layer, | Data Link Layer, Physical Layer. |
| What are the Functions of Transport Layer? | On the sending device, the Transport layer is responsible for breaking the data into smaller packets, so that if any packet is lost during transmission, it will be sent again. At the receiving device, the transport layer will be responsible for opening all of the packets and reconstructing the original message. | It provides end-to-end data transport services. Establishes logical connection between the sending host and destination host on an internetwork. | Transport layer also performs sequencing. Sequencing is a connection oriented service that places TCP segments in right order if they are received out of order. |
| What are the Functions of Transport Layer receiving Device? | At the receiving device, | the transport layer will be responsible for opening | all of the packets and reconstructing the original message. |
| What are the Functions of Transport Layer end to end? | It provides transport services. | end-to-end data | transport services. |
| What are the Functions of Transport layer Connection? | Establishes logical connection host on an inter network. | between the sending host and destination | host on an inter network. |
| What are the Functions of Transport layer sequencing? | Transport layer also performs sequencing. | Sequencing is a connection oriented service | that places TCP segments in right order if they are received out of order. |
| What are the Functions of Network Layer? | The Network layer | (layer 3) | manages device addressing. |
| What are the Functions of Network Layer location? | It tracks | the location | of devices on the network. |
| What are the Functions of Network Layer data between devices? | It determines the best way | to move data between devices | that are not locally attached. |
| What are the Functions of Network Layer Routers functions? | Routers functions | at the routing services | within an inter network. |
| What are the Functions of Data Link layer? | The Data Link layer transmissiis responsible for physicalon of the data. | ||
| What are the Functions of handles error? | It handles error notification, flow control. | ||
| What are the Functions of ensures? | Data Link layer ensures that messages are delivered to the proper device on a LAN using MAC addresses. | ||
| What are the Functions of translates? | It translates messages from the Network layer into bits for the Physical layer to transmit. | ||
| What are the Functions of formats? | The Data Link layer formats the message into data frame by adding the customized header containing the hardware destination and source address. | ||
| Which Layer is responsible for reliable connection? | Transport Layer | ||
| Which Layer is responsible for error detection? | Data Link Layer performs error detection not error correction. | ||
| Which Layer is responsible for error correction? | Transport layer performs error correction | ||
| What are the functions of Application Layer | The Application layer of the O - S - I model is the layer where users actually communicate to the computer. | ||
| What are the functions of Application Layer | The Application layer is also responsible for identifying and establishing the availability of the communication partner and determines whether sufficient resources for the communication exist or not. | ||
| What are the functions of Application Layer | Services that take place at application layer are E-Mail, File Transfers, Remote Access etc. It is responsible for data translation and code formatting. | ||
| What are the functions of Presentation Layer | It is responsible for data translation and code formatting. When the presentation layer receives data from the application layer, to be sent over the network, it makes sure that the data is in the proper format. | ||
| What are the functions of Presentation Layer | If it is not, the presentation layer converts the data to the proper format. | ||
| What are the functions of Presentation Layer | On the other side of communication, when the presentation layer receives network data from the session layer, it makes sure that the data is in the proper format and once again converts it if it is not. | ||
| What are the functions of Presentation Layer | Formatting functions at the presentation layer may include compression, decompression, encryption, and decryption. | ||
| What are the functions of Session Layer | The Session layer is responsible for setting up, managing, and tearing down sessions between applications running on communicating stations. | ||
| What are the functions of Session Layer | Session layer also synchronizes dialogue between the presentation layers of the two hosts and manages their data exchange. | ||
| What are the different protocols works at each of the layers of Physical Layer? | ISDN (Integrated Services Digital Network), ADSL (Asymmetric Digital Subscriber Line), Universal Serial Bus, Bluetooth, Controller Area Network, Ethernet. | ||
| What are the different protocols works at each of the layers of Data Link layer? | Spanning Tree Protocol, VLanTrunking Protocol, Dynamic Trunking Protocol, HDLC, PPP, Frame Relay, Token Ring. | ||
| What are the different protocols works at each of the layers of Network Layer? | ICMP, IGMP, IPV4, IPV6, IPSEC, OSPF, EIGRP, RIP, BGP. | ||
| What are the different protocols works at each of the layers of Transport Layer? | TCP, UDP, GRE. | ||
| What are the different protocols works at each of the layers of Session Layer? | NFS (Network File System). | ||
| What are the different protocols works at each of the layers of Presentation Layer? | Data encryption/decryption, Data compression, Data Conversion Protocols | ||
| What are the different protocols works at each of the layers of Application Layer | DNS, DHCP, FTP, HTTP, NTP, SNMP, SMP, TELNET, TFTP, SSH. | ||
| Define Unicast? | is the term used to describe communication where a piece of information is sent to a single destination host. | ||
| Define Multicast? | is the term used to describe communication where a piece of information is sent from a single source and transmitted to many devices but not all devices. | ||
| Define Broadcast? | is the term used to describe communication where a piece of information is sent to all devices on the network segment. | ||
| What is the range Of Port Numbers? | Well Known Ports - 0 to 1023 Registered Ports -1024 to 49151 Open Ports - 49152 to 65535 | ||
| What is the difference between Simplex,? | Data can travel in one direction only. | ||
| What is the difference between Half-duplex? | Data can travel in both directions but not simultaneously. At a time Data can flow only in one direction. Example: - HUB. | ||
| What is the difference between Full-duplex? | Data can travel in both directions simultaneously. Example: - Switch. | ||
| What is the MAC Address format? | It is a 12 Digit, 48 Bit (6 Byte) Hardware address written in hexadecimal format. It consists of two parts: - The first 24 Bits O U I (Organizationally Unique Identifier) is assigned by IEEE to an organization. | ||
| What is the MAC Address Manufacturer-assigned code? | The Last 24 Bits is Manufacturer-assigned code. This portion commonly starts with 24 - 0's for the first card made and continues in order until there are 24 - 1's for the last card made. | ||
| What is a Frame? | The Data Link layer formats the message into pieces, each called a data frame and adds a customized header containing the source and destination hardware address. | ||
| What is TCP/IP Model? | TCP/IP is four layer standard model. It is robust to failures and flexible to diverse networks. Most widely used protocol for interconnecting computers and it is the protocol of the internet. | ||
| What is TCP/IP four layers of TCP/IP model? | The four layers of TCP/IP model are: Application layer, Transport layer, Internet layer, Network access layer | ||
| What are the protocols that are included by each layer of TCP/IP model Application Layer? | DNS, DHCP, FTP, TFTP, SMTP, HTTP, Telnet, SSH | ||
| What are the protocols that are included by each layer of TCP/IP model Transport Layer? | TCP, UDP | ||
| What are the protocols that are included by each layer of TCP/IP model ? | Internet Layer | ||
| What are the protocols that are included by each layer of TCP/IP model Network access layer? | Ethernet, Token Ring, FDDI, X.25, Frame Relay, ARP, RARP | ||
| What are the functions TCP Transmission | Transmission Control Protocol | ||
| What are the functions TCP connection | TCP is a connection-oriented protocol | ||
| What are the functions TCP reliable | It is reliable | ||
| What are the functions TCP sequenced | It is sequenced (TCP packets are sent in a sequence and are received in the same sequence.) | ||
| What are the functions TCP packets | Lost packets are retransmitted | ||
| What are the functions TCP Acknowledgement | Acknowledgement (received packets are acknowledged) | ||
| What are the functions TCP heavy-weight | TCP is heavy-weight. | ||
| What are the functions TCP speed | The speed for TCP is slower than UDP. | ||
| What are the functions TCP overhead | Low overhead but higher than UDP | ||
| What are the functions TCP Windowing | TCP uses Windowing and Flow Control | ||
| What are the functions TCP application | TCP is used for application that requires high reliability but not high speed. | ||
| Explain Different Types of cables straight-through? | The straight-through cable is used to connect dissimilar devices such as Host to switch or hub, Router to switch or hub. In this only pins 1, 2, 3 and 6 are used. We connect 1 to 1, 2 to 2, 3 to 3, and 6 to 6 to make a straight through cable | ||
| Explain Different Types of cables Crossover cables? | the pairs of wires are crisscross which allows two devices to communicate at the same time. In crossover cable 4 pins are used (1, 2, 3, and 6) here we connect pins 1 to 3 and 2 to 6 on each side of the cable. | ||
| Explain Different Types of cables Rollover Cable | connect a computer to the console port or auxiliary port of the router for administration Eight wires are used in this cable to connect serial devices and the order of the wires from one end of the cable to the other are totally reversed, or rolled over. | ||
| What is Ethernet? | Ethernet is a data link and physical layer specification that allows all hosts on a network to share the same bandwidth of a link. It is dominating technology used in LAN networking for controlling access to a shared network medium. | ||
| Explain CSMA/CD? | Carrier Sense Multiple Access with Collision Detection (CSMA/CD), is a protocol used to prevent collisions by enabling devices share the bandwidth evenly without allowing two devices transmit at the same time on the network. | ||
| What is ARP? | (ARP) is a network protocol, which is used to map a network layer protocol address (IP Address) to a data link layer hardware address (MAC Address). In short, ARP resolves IP address to the corresponding MAC address of the device. | ||
| Explain the use of ARP? | If a host in a network wants to communicate with another host, it can communicate only if it knows the MAC address of other host. ARP is used to get the Mac address of a host from its IP address. | ||
| What is an ARP Table (cache)? | ARP maintains a table that contains the mappings between IP address and MAC address. This table is called ARP Table. | ||
| What is the Source & Destination IP address in ARP Request | Source - Mac address of host sending the ARP request. (Senders MAC address) Destination - FF:FF:FF:FF:FF:FF (Broadcast) | ||
| What is the Source & Destination IP address in ARP Reply packet? | Source - Mac address of host replying for ARP Request. Destination - Mac address of host which generated the ARP request initially (unicast). | ||
| How can we differentiate between an ARP Request packet and ARP Reply packet? | We can differentiate ARP request packet from an ARP reply packet using the 'operation' field in the ARP packet. For ARP Request it is 1 and for ARP Reply it is 2. | ||
| What is the size of an ARP Request and ARP Reply packet? | The size of an ARP request or ARP reply packet is 28 bytes. | ||
| What is Proxy ARP? | Proxy ARP is the process in which one device responds to the ARP request for another device. Example - Host A sends an ARP request to resolve the IP address of Host B. Instead of Host B, Host C responds to this ARP equest. | ||
| What is Gratuitous ARP? | When a host sends an ARP request to resolve its own IP address, it is called Gratuitous ARP. In the ARP request packet, the source IP address and destination IP address are filled with the same source IP address itself. | ||
| What is Gratuitous ARP destination MAC? | The destination MAC address is the broadcast address (FF:FF:FF:FF:FF:FF). | ||
| What is Gratuitous ARP is used for? | Gratuitous ARP is used by the host after it is assigned an IP address by DHCP Server to check whether another host in the network does not have the same IP address. | ||
| What if the host did not get the gratuitous ARP? | If the host does not get ARP reply for a gratuitous ARP request, it means there is no another host which is configured with the same IP address. If the Host gets ARP reply than it means another host is also configured with the same IP address. | ||
| What is Reverse ARP? | Reverse ARP is used to obtain device's IP address when its MAC address is already known. | ||
| What is Inverse ARP? | Inverse ARP dynamically maps local DLCIs to remote IP addresses when Frame Relay is configured. | ||
| What is data link connection identifier (DLCI) | Frame Relay 10-bit-wide link-local virtual circuit identifier used to assign frames to a specific PVC or SVC. | ||
| What does Permanent Virtual Circuit (PVC) mean? | is a connection that is permanently established between two or more nodes in frame relay and asynchronous transfer mode (ATM) based networks. | ||
| Why would you use a Permanent Virtual Circuit (PVC)? | It enables the creation of a logical connection on top of a physical connection between nodes that communicate frequently or continuously. | ||
| What is a switched virtual circuit (SVC) | a switched virtual circuit (SVC) is a temporary virtual circuit that is established and maintained only for the duration of a data transfer session. A permanent virtual circuit (PVC) is a continuously dedicated virtual circuit. | ||
| What is IP address and it's format? | An IP address is a software address assigned to each machine on an IP network. It specifies the location of a device on the network. | ||
| how will IP addressing work? | It allows hosts on one network to communicate with the host on a different network. It is 32 bits of information | ||
| How many Bits are in a IP address? | These 32 bits are divided into four sections referred to as octets or bytes. Each octet contains 1 byte (8 bits). | ||
| What is the three format methods of an IP address? | 1. Dotted - decimal, example 2. Binary 3. Hexadecimal | ||
| What are the different Classes of IP address and give the range of each class? | Class A - 0 to 127 (0 & 127 cannot be used) Class B - 128 to 191 Class C - 192 to 223 Class D - 224 to 239 (MULTICAST ADDRESSES) Class E - 240 to 255 (RESEARCH & DEVELOPMENT) | ||
| What Class a Addresses are reserved for loopback? | Class A addresses 127.0.0.0 to 127.255.255.255 are reserved for loopback addresses. | ||
| What are Private addresses? | These addresses can be used only on private network. They cannot be routed through the internet. Private IP addresses are designed for security and they also save valuable IP address space. | ||
| What are Private addresses Range? | Class A - 10.0.0.0 to 10.255.255.255 Class B - 172.16.0.0 to 172.31.255.255 Class C - 192.168.0.0 to 192.168.255.255 | ||
| What is subnet mask? | A subnet mask is a 32-bit value that allows the recipient of an IP packet to distinguish the network ID portion of the IP address from the host ID portion of the IP address. | ||
| What is the Internet Control Message Protocol? | ICMP is basically a management protocol and messaging service provider for IP. It can provide hosts with information about network problems. | ||
| ICMP works at which layer? | It works at Network Layer. | ||
| What are various ICMP messages? | 1. Destination Unreachable. 2. Buffer Full. 3. Hops/Time Exceeded. 4. Ping. 5. Traceroute. | ||
| Which two fields in the ICMP header is used to identify the intent of ICMP message? | Type and Code. | ||
| Which ICMP message confirms the traceroute is completed? | Destination unreachable message. | ||
| Which is the importance of identification field in the IP packet? | This is used to identify each fragmented packet so that destination device can rearrange the whole communication in order. | ||
| Which device can reassemble the packet? | This is done only by the ultimate destination. | ||
| What is IP datagram? | IP datagram can be used to describe a portion of IP data. Each IP datagram has set of fields arranged in order. IP datagram has following fields Version, Header length, Type of service, Total length, Checksum, Flag, Protocol, Time to live, Identification, Source IP Address and Destination IP Address, Padding, Options and Payload. | ||
| What is Fragmentation? | Fragmentation is a process of breaking the IP packets into smaller pieces (fragments). Fragmentation is required when the datagram size is larger than the MTU. Each fragment than becomes a datagram in itself and transmitted independently from source. These datagrams are reassembled by the destination. | ||
| How the packet is reassembled? | 1. When a host receives an IP fragment, it stores this fragment in a reassembly buffer based on its fragment offset field. 2. Once all the fragments of the original IP datagram are received, the datagram is processed. 3. On receiving the first fragment, a reassembly timer is started. 4. If this reassembly timer expires before all the fragments are received than datagram is discarded. | ||
| What is MTU (Maximum Transmission Unit)? | The maximum transmission unit (MTU) of an interface tells Cisco IOS the largest IP packet that can be forwarded out on that interface. | ||
| What is the importance of Don't Fragment flag (DF), More Fragments flag (MF) flag Don’t fragment bit? | If Don't Fragment flag (DF) bit is set, fragmentation is not allowed. When a router needs to forward a packet larger than the outgoing interface’s MTU, the router either fragments the packet or discards it. If the IP header’s Do Not Fragment (DF) bit is set, means fragmentation is not allowed and the router discards the packet. If the DF bit is not set, means fragmentation is allowed and the router can perform fragmentation on the packet. | ||
| What is the importance of Don't Fragment flag (DF), More Fragments flag (MF) flag More fragment bit? | More fragment bit If MF bit is set to 1 means more fragments are coming. If it is set to 0 means this is the Last Fragment. All fragments that belong to an IP datagram will have more fragments bit set except for the final fragment. The final fragment does not have the more fragment bit set indicating that this is the last fragment. This is how the destination device comes to know that it has collected all the fragments of the IP datagram. | ||
| What is the purpose of fragment offset? | It is used to define the size of each fragmented packet. | ||
| What is the importance of TTL value? | It defines how long a packet can travel in the network. It is the number of hops that the IP datagram will go through before being discarded. At every hop TTL value is decremented by 1. When this field becomes zero, the packet is discarded. This behavior helps prevent routing loops. | ||
| What does the protocol field determines in the IP packet? | The Protocol field is an 8-bit field that identifies the next level protocol. It indicates to which upper-layer protocol this datagram should be delivered, Example: - ICMP, TCP, UDP. | ||
| What is TCP? | Transmission Control Protocol is a connection oriented protocol. This means that before any data transfer can take place, certain parameters has to be negotiated in order to establish the connection. | ||
| Explain TCP Three Way Handshake process For Reliable connection? | For Reliable connection the Transmitting device first establishes a connection-oriented (reliable) session with its peer system, which is called three way handshake. Data is then transferred. When the data transfer is finished, connection is terminated and virtual circuit is teared down. 1. The initiating host sends a TCP SYN segment indicating the desire to open the connection. This TCP segment contains the initiating host’s initial sequence number X. | ||
| Explain TCP Three Way Handshake process When destination | (target host) receives TCP SYN, It acknowledges this with Ack (X+1) as well as its own SYN Y (It informs source what sequence number it will start its data with and will use in further messages). This response is called SYN/ACK. | ||
| Explain TCP Three Way Handshake process The initiating host sends | The initiating host sends an ACK (ACK = Y+1) segment indicating that the connection is set up. Data transfer can then begin. During this 3 way Handshake, devices are negotiating parameters like Window Size etc. | ||
| What does Window Size indicate? | It is 16-bit window field which indicates the number of bytes a sender will send before receiving an acknowledgment from the receiver. | ||
| What is the purpose of RST bit? | When the connection is not allowed by destination, connection is reset. RST bit is used to reset the connection. | ||
| What are TCP Flags PUSH (PSH)? | It pushes the buffered data to the receiver’s application. If data is to be send on immediate basis we will push it. | ||
| What are TCP Flags Reset (RST) | It resets the connection. | ||
| What are TCP Flags Urgent (URG) | It is use to set the priority to tell the receiver that this data is important for you. | ||
| What are TCP Flags Acknowledgement (ACK) | All packets after SYN packet sent by client should have this flag set. ACK=10 means Host has received 0 through 9 and is expecting byte 10 Next. | ||
| What are TCP Flags Synchronize (SYN) | SYN is the first message to be sent. It initiates the connection and synchronizes the sequence number. | ||
| What is the difference between PUSH and URG flag? | The PSH flag in the TCP header informs the receiving host that the data should be pushed up to the receiving application immediately. The URG flag is used to inform a receiving station that certain data within a segment is urgent and should be prioritized. | ||
| What is the importance of Sequence Number? | Sequence Number is a 32-bit field which indicates the amount of data that is sent during a TCP session. By Sequence Number sender can be assured that the receiver received the data because the receiver uses this sequence number as the acknowledgment number in the next segment it sends to acknowledge the received data. When the TCP session starts, the initial sequence number can be any number in the range 0–4,294,967,295. | ||
| What is the importance of Acknowledgement Number? | is used to acknowledge the received data and is equal to the received sequence number plus 1. | ||
| What is ACL? | Access Control List is a packet filtering method that filters the IP packets based on source and destination address. It is a set of rules and conditions that permit or deny IP packets to exercise control over network traffic. | ||
| What are different Types of ACL? | 1. Standard Access List. 2. Extended Access List. | ||
| Explain Standard Access List? | Standard Access List examines only the source IP address in an IP packet to permit or deny that packet. It cannot match other field in the IP packet. Standard Access List can be created using the access-list numbers 1-99 or in the expanded range of 1300-1999. Standard Access List must be applied close to destination. As we are filtering based only on source address, if we put the standard access-list close to the source host or network than nothing would be forwarded from source. | R1(config)# access-list 10 deny host 192.168.1.1 R1(config)# interface fa0/0 R1(config-if)# ip access-group 10 in | |
| Explain Extended Access List? | Extended Access List filters the network traffic based on the Source IP address, Destination IP address, Protocol Field in the Network layer, Port number field at the Transport layer. Extended Access List ranges from 100 to 199, in expanded range 2000-2699. | ||
| Extended Access List should be placed? | Extended Access List should be placed as close to source as possible. Since extended access list filters the traffic based on specific addresses (source IP, destination IP) and protocols, we don’t want our traffic to traverse the entire network just to be denied wasting the bandwidth. | R1(config)# access-list 110 deny tcp any host 192.168.1.1 eq 23 R1(config)# interface fa0/0 R1(config-if)# ip access-group 110 in | |
| What is Wildcard Mask? | Wildcard mask is used with ACL to specify an individual hosts, a network, or a range of network. Whenever a zero is present, it indicates that octet in the address must match the corresponding reference exactly. Whenever a 255 is present, it indicates that octet needs not to be evaluated. Wildcard mask is completely opposite to subnet mask. | Example- For /24 Subnet Mask - 255.255.255.0 Wildcard Mask - 0.0.0.255 | |
| How to permit or deny specific Host in ACL? | 1. Using a wildcard mask "0.0.0.0" Example - 192.168.1.1 0.0.0.0 or 2.Using keyword "Host" Example - Host 192.168.1.1 | ||
| In which directions we can apply an Access List? | We can apply access list in two directions | IN - ip access-group 10 in OUT - ip access-group 10 out | |
| Difference between inbound access-list and outbound access-list? | When an access-list is applied to inbound packets on interface, those packets are first processed through ACL and then routed. Any packets that are denied won’t be routed. When an access-list is applied to outbound packets on interface, those packets are first routed to outbound interface and then processed through ACL. | ||
| Difference between #sh access-list command and #sh run access-list command? | # sh access-list shows number of hit counts. # sh run access-list does not show number of hit counts. | ||
| How many Access Lists can be applied to an interface on a Cisco router? | We can assign only one access list per interface per protocol per direction which means that when creating an IP access lists, we can have only one inbound access list and one outbound access list per interface. Multiple access lists are permitted per interface, but they must be for a different protocol. | ||
| How Access Lists are processed? | Access lists are processed in sequential order, evaluating packets from top to down, one statement at a time. As soon as a match is made, the permit or deny option is applied, and against any more access list statements. | Because of this, the order of the statements within any access list is significant. There is an implicit ―deny‖ at the end of each access list which means that if a packet doesn’t match the condition on any the packet is not evaluated of the lines in the access list, the packet will be discarded. | |
| What is at the end of each Access List? | At the end of each access list, there is an implicit deny statement denying any packet for which the match has not been found in the access list. | Key Information: Any access list applied to an interface without an access list being created will not filter traffic. Access lists only filters traffic that is going through the router. They will not filter the traffic that has originated from the router. If we will remove one line from an access list, entire access-list will be removed. Every Access list should have at least one permit statement or it will deny all traffic. | |
| What is NAT? | Network Address Translation translates the private addresses into public addresses before packets are routed to public network. It allows a network device such as router to translate addresses between the private and public network. | ||
| What are the Situations where NAT is required? | 1. When we need to connect to internet and our hosts doesn't have globally unique IP addresses. 2. When we want to hide internal IP addresses from outside for security purpose. 3. A company is going to merge in another company which uses same address space. | ||
| What are the advantages of Nat? | 1. It conserves legally registered IP addresses. 2. It prevents address overlapping. 3. Provides security by hiding internal (private) IP addresses. 4. Eliminates address renumbering as a network evolves. | ||
| What are different types of NAT? | There are mainly three types of NAT: - 1. Static NAT 2. Dynamic NAT 3. Port Address Translation (Overloading) | ||
| What is Static NAT? | Static NAT allows for one to one mapping that is it translates one Private IP address to one Public IP address. | R1(config)# ip nat inside source static 10.1.1.1 15.36.2.1 R1(config)# interface fa0/0 R1(config-if)# ip nat inside (It identifies this interface as inside interface) R1(config)# interface fa0/1 R1(config-if)# ip nat outside (It identifies this interface as outside interface) | In ip nat inside source command, we can see that the command is referencing the inside interface as source or starting point of the translation. |
| What is Dynamic NAT? | |||
| What is Wildcard Mask? | Wildcard mask is used with ACL to specify an individual hosts, a network, or a range of network. Whenever a zero is present, it indicates that octet in the address must match the corresponding reference exactly. Whenever a 255 is present, it indicates that octet needs not to be evaluated. Wildcard mask is completely opposite to subnet mask. | Example- For /24 Subnet Mask - 255.255.255.0 Wildcard Mask - 0.0.0.255 | |
| How to permit or deny specific Host in ACL? | 1. Using a wildcard mask "0.0.0.0" Example - 192.168.1.1 0.0.0.0 | 2.Using keyword "Host" Example - Host 192.168.1.1 | |
| In which directions we can apply an Access List? | We can apply access list in two directions: | IN - ip access-group 10 in OUT - ip access-group 10 out | |
| What is the Difference between inbound access-list and outbound access-list? | When an access-list is applied to inbound packets on interface, those packets are first processed through ACL and then routed. Any packets that are denied won’t be routed. When an access-list is applied to outbound packets on interface, those packets are first routed to outbound interface and then processed through ACL. | ||
| what is theDifference between #sh access-list command and #sh run access-list command? | # sh access-list shows number of hit counts | # sh run access-list does not show number of hit counts. | |
| How many Access Lists can be applied to an interface on a Cisco router? | We can assign only one access list per interface per protocol per direction which means that when creating an IP access lists, we can have only one inbound access list and one outbound access list per interface. Multiple access lists are permitted per interface, but they must be for a different protocol. | ||
| How Access Lists are processed? | Access lists are processed in sequential order, evaluating packets from top to down, one statement at a time. As soon as a match is made, the permit or deny option is applied, and the packet is not evaluated against any more access list statements. Because of this, the order of the statements within any access list is significant. | There is an implicit ―deny‖ at the end of each access list which means that if a packet doesn’t match the condition on any of the lines in the access list, the packet will be discarded. | |
| What is at the end of each Access List? | At the end of each access list, there is an implicit deny statement denying any packet for which the match has not been found in the access list. | ||
| What is Wildcard Mask? | Wildcard mask is used with ACL to specify an individual hosts, a network, or a range of network. | Whenever a zero is present, it indicates that octet in the address must match the corresponding reference exactly. | Whenever a 255 is present, it indicates that octet needs not to be evaluated. Wildcard mask is completely opposite to subnet mask. |
| What are TCP Flags Finish (FIN) | It finishes the session. It means no more data from the sender. | ||
| Explain Named ACL and its advantages over Number ACL? | It is just another way of creating standard and extended ACL. In named ACL names are given to identify access-list. It has following advantage over number ACL: - In name ACL we can give sequence number which means we can insert a new statement in middle of ACL. | R1(config)# ip access-list extended CCNA R1(config)# 15 permit tcp host 10.1.1.1 host 20.1.1.1 eq 23 R1(config)# exit This will insert above statement at Line 15. R1(config)# interface fa0/0 R1(config-if)# ip access-group ccna in |
Created by:
edjwebb
Popular Computers sets