CCNA DC FAQ: IPv4 Access Control Lists on Cisco Nexus Switches
Figure: Backdrop for Discussion of List Process with IP ACLs
Q1. Barney is a host with IP address 10.1.1.1 in subnet 10.1.1.0/24. Which of the following are things that a standard IP ACL could be configured to do? (Choose two answers.)
a. Match the exact source IP address.
b. Match IP addresses 10.1.1.1 through 10.1.1.4 with one access-list command without matching other IP addresses.
c. Match all IP addresses in Barney’s subnet with one access-list command without matching other IP addresses.
d. Match only the packet’s destination IP address.
Q2. Which of the following wildcard masks is most useful for matching all IP packets in subnet 10.1.128.0, mask 255.255.255.0?
Q3. Which of the following masks is most useful for matching all IP packets in subnet 10.1.128.0, mask 255.255.240.0?
Q4. ACL 1 has three statements, in the following order, with address and mask values as follows: 220.127.116.11/8, 18.104.22.168/16, and 22.214.171.124/24. If a router tried to match a packet sourced from IP address 126.96.36.199 using this ACL, which ACL statement does a router consider the packet to have matched?
d. Implied deny at the end of the ACL
Q5. On a Cisco Nexus switch, which command, entered as a subcommand of ACL web, allows only host 10.1.1.1 to talk with host 192.168.1.3 for unencrypted web traffic?
a. permit tcp host 10.1.1.1 host 192.168.1.3 eq 80
b. permit ip 10.1.1.0/24 host 192.168.1.3
c. permit tcp 10.1.1.0/24 192.168.1.0/24 eq 80
d. permit ip any any
Q6. Which AAA method allows a user, after login, access to a certain configuration level on a Cisco network device?