According to Cisco best practices, which of the following is true about the ideal application of an extended access list? (Select the best answer.)

Last Updated on August 4, 2021 by Admin 3

According to Cisco best practices, which of the following is true about the ideal application of an extended access list? (Select the best answer.)

  • It should be applied in the inbound direction on the interface that is as close to the destination as possible.
  • It should be applied in the outbound direction on the interface that is as close to the destination as possible.
  • It should be applied in the inbound direction on the interface that is as close to the source as possible.
  • It should be applied in the outbound direction on the interface that is as close to the source as possible.
Explanation:
According to Cisco best practices, extended access control lists (ACLs) should be applied in the inbound direction on the interface that is as close to the source as possible. ACLs are used to identify traffic. Once identified, the traffic can then be filtered, analyzed, forwarded, or influenced in various ways. ACLs can be identified by an access list number or an access list name. Numbered ACLs ranging from 1 through 99 are standard ACLs and can identify traffic based on only the source IP address. Numbered ACLs ranging from 100 through 199 are extended ACLs and can identify traffic based on source and destination IP addresses as well as traffic type.
ACLs can consist of multiple access list statements, which are also known as access control entries (ACEs). Packets are compared to each statement in sequence until a match is found. The permit and deny keywords are used to indicate whether matching packets should be forwarded or dropped, respectively. If the packet does not match any of the access list statements, the packet is dropped. This is called the implicit deny rule: all traffic is dropped unless it is matched by one of the access list statements that is configured with the permit keyword.
An ACL does not perform an action until it is applied to an interface. Only one ACL can be configured per interface per direction. This means that a particular interface can be configured for one inbound and one outbound ACL. According to Cisco best practices, extended IP ACLs should be placed as close as possible to the source of traffic because extended ACLs have the ability to specify a destination IP address and port. By contrast, standard ACLs should be placed as close to the destination network as possible because they can filter addresses based on only the source IP address. If a standard ACL is placed too close to the source network, it is possible that the limited granularity of the standard ACL could unintentionally cause legitimate traffic to be filtered.
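
The placement rule can be checked with a small model of first-match evaluation and the implicit deny. This is an added Python example, not Cisco code or part of the original explanation; the addresses, the two servers, the interface sets and the helper names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

def make_ace(action, src, dst="0.0.0.0/0", port=None):
    """One ACE. A standard ACL can only set src; dst and port need an extended ACL."""
    return {"action": action, "src": ip_network(src),
            "dst": ip_network(dst), "port": port}

def evaluate(acl, src, dst, port):
    """Compare the packet to each ACE in sequence; the first match decides."""
    for ace in acl:
        if (ip_address(src) in ace["src"] and ip_address(dst) in ace["dst"]
                and ace["port"] in (None, port)):
            return ace["action"]
    return "deny"  # implicit deny: nothing matched

# Constructed policy: users in 10.1.1.0/24 must not reach the HR web server
# (10.9.9.10, TCP/443) but must still reach the file server (10.9.9.20, TCP/445).
FLOWS = {"hr_web": ("10.1.1.5", "10.9.9.10", 443),
         "file_server": ("10.1.1.5", "10.9.9.20", 445)}

STANDARD = [make_ace("deny", "10.1.1.0/24"),            # source address only
            make_ace("permit", "0.0.0.0/0")]
EXTENDED = [make_ace("deny", "10.1.1.0/24", "10.9.9.10/32", 443),
            make_ace("permit", "0.0.0.0/0")]

# Which flows cross the interface where the ACL is applied (assumed topology).
NEAR_SOURCE = {"hr_web", "file_server"}   # user-facing interface sees everything
NEAR_HR_SERVER = {"hr_web"}               # interface toward the HR server only

def reachability(acl, seen_by_interface):
    """Filter only the flows that cross the interface carrying the ACL."""
    return {name: evaluate(acl, *FLOWS[name]) if name in seen_by_interface
            else "permit" for name in FLOWS}

if __name__ == "__main__":
    print("standard, near source:     ", reachability(STANDARD, NEAR_SOURCE))
    print("standard, near destination:", reachability(STANDARD, NEAR_HR_SERVER))
    print("extended, near source:     ", reachability(EXTENDED, NEAR_SOURCE))
```

The standard ACL near the source also drops the file server traffic, while the extended ACL near the source drops only the intended flow and does so before the packet crosses the network.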
