CCNA Security Question:

Download Job Interview Questions and Answers PDF

Configuring ACLs is an important part of working with the IOS Firewall. What wildcard masks are replaced in ACLs by the words host and any?

CCNA Security Interview Question
CCNA Security Interview Question

Answer:

We have the option of using the word host to represent a wildcard mask of 0.0.0.0.
Consider a configuration where only packets from IP source 10.1.1.1 should be allowed and all other packets denied. The following ACLs both do that.

R3#conf t
R3(config)#access-list 6 permit 10.1.1.1 0.0.0.0
R3(config)#conf t
R3(config)#access-list 7 permit host 10.1.1.1

The keyword any can be used to represent a wildcard mask of 255.255.255.255. Both of the following lines permit all traffic.

R3(config)#access-list 15 permit any

R3(config)#access-list 15 permit 0.0.0.0 255.255.255.255

There’s no “right” or “wrong” decision to make when you’re configuring ACLs in the real world. For your exam, though, I’d be very familiar with the proper use of host and any.

Download CCNA Security Interview Questions And Answers PDF

Previous QuestionNext Question
Define the term “DMZ” as it pertains to network security, and name three different common network devices that are typically found there?Identify the true statements regarding the Authentication Proxy