CCNA Security Question:
Download Job Interview Questions and Answers PDF
Configuring ACLs is an important part of working with the IOS Firewall. What wildcard masks are replaced in ACLs by the words host and any?
Answer:
We have the option of using the word host to represent a wildcard mask of 0.0.0.0.
Consider a configuration where only packets from IP source 10.1.1.1 should be allowed and all other packets denied. The following ACLs both do that.
R3#conf t
R3(config)#access-list 6 permit 10.1.1.1 0.0.0.0
R3(config)#conf t
R3(config)#access-list 7 permit host 10.1.1.1
The keyword any can be used to represent a wildcard mask of 255.255.255.255. Both of the following lines permit all traffic.
R3(config)#access-list 15 permit any
R3(config)#access-list 15 permit 0.0.0.0 255.255.255.255
There’s no “right” or “wrong” decision to make when you’re configuring ACLs in the real world. For your exam, though, I’d be very familiar with the proper use of host and any.
Consider a configuration where only packets from IP source 10.1.1.1 should be allowed and all other packets denied. The following ACLs both do that.
R3#conf t
R3(config)#access-list 6 permit 10.1.1.1 0.0.0.0
R3(config)#conf t
R3(config)#access-list 7 permit host 10.1.1.1
The keyword any can be used to represent a wildcard mask of 255.255.255.255. Both of the following lines permit all traffic.
R3(config)#access-list 15 permit any
R3(config)#access-list 15 permit 0.0.0.0 255.255.255.255
There’s no “right” or “wrong” decision to make when you’re configuring ACLs in the real world. For your exam, though, I’d be very familiar with the proper use of host and any.
Download CCNA Security Interview Questions And Answers
PDF