
By Earl Murray,2014-06-17 08:10

CCNA 640-607 Memorization Lists


    The following are lists and explanations that you should memorize for the CCNA 640-607 exam. You may or may not receive any questions from some of these lists. It depends on the exam you get. It’s best to be safe and know them.

Cisco Access Lists

    Access List Type               Number Range
    IP Standard                    1-99
    IP Extended                    100-199
    Protocol Type-Code             200-299
    DECnet                         300-399
    XNS Standard                   400-499
    XNS Extended                   500-599
    AppleTalk                      600-699
    48-Bit MAC Address             700-799
    IPX Standard                   800-899
    IPX Extended                   900-999
    IPX SAP                        1000-1099
    Extended 48-Bit MAC Address    1100-1199
    IPX Summary Address (NLSP)     1200-1299

Cisco Access Lists Command Formats, etc.

Standard IP Access Lists

    This is the command format for a standard IP access list (notice that you can only use a source address, not a destination address, in a standard IP access list):

    access-list [number] [permit or deny] [source address]

    Here is an example of configuring a standard IP access list (this is done in configuration mode within privileged EXEC mode):

    RouterA(config)#access-list 12 permit 172.17.35.3

Extended IP Access Lists

This is the command format for an extended IP access list:

    access-list [number] [permit or deny] [protocol] [source] [destination] [port]

    Here is an example of configuring an extended IP access list (this is done in configuration mode within privileged EXEC mode):

    RouterA(config)#access-list 120 permit tcp any any eq www

    tcp is the protocol, any is any source address, any is any destination address, eq www is the port. (Remember that when filtering by port, you cannot use IP as the protocol. You can only use TCP, UDP, or ICMP.)


    Copyright © 2000 - 2002 CCxx Productions. All rights reserved. Do not duplicate or redistribute in any form.


Standard IPX Access Lists

    This is the command format for a standard IPX access list (notice that you can use both a source address and a destination address in the standard IPX access list):

    access-list [number] [permit or deny] [source address] [destination address]

    Here is an example of configuring a standard IPX access list (this is done in configuration mode within privileged EXEC mode):

    RouterA(config)#access-list 820 permit 30 10

    30 is the source, 10 is the destination

Extended IPX Access Lists

This is the command format for an extended IPX access list:

    access-list [number] [permit or deny] [protocol] [source] [socket] [destination] [socket]

    Here is an example of configuring an extended IPX access list (this is done in configuration mode within privileged EXEC mode):

    RouterA(config)#access-list 930 permit -1 -1 0 -1 0

    -1 is any protocol, -1 is any source, 0 is the socket, -1 is any destination, 0 is the socket

IPX SAP Filters

This is the command format for an IPX SAP Filter:

    access-list [number] [permit or deny] [source address] [service type]

    Here is an example of configuring an IPX SAP filter (this is done in configuration mode within privileged EXEC mode):

    RouterA(config)#access-list 1080 permit 12.0000.0000.0001 0

    12.0000.0000.0001 is the source address which is the network/node address of the server, 0 is any service type

Applying access lists and SAP Filters to an interface

    Remember, after you configure an access list or SAP Filter, it doesn’t do you any good unless it is applied to an interface. You must be in interface configuration mode within privileged EXEC mode and you must use the command “access-group” to apply an access list and “input-sap-filter” to apply a SAP Filter. Here are examples:

    RouterA(config-if)#ip access-group 12 out

    applies standard IP access list 12 to outgoing packets on the chosen interface

    RouterA(config-if)#ipx access-group 930 in

    applies extended IPX access list 930 to incoming packets on the chosen interface

    RouterA(config-if)#ipx input-sap-filter 1080

    applies IPX SAP Filter 1080 to the chosen interface


Cisco Access List Wildcard Masking with IP access lists

    Wildcard masks are used to specify a single host, an entire network, or part of a network. They can be used in standard IP or extended IP access lists. Where the mask has a 0, the corresponding octet of the address must match exactly; where the mask has 255, that octet can be anything.

Specifying a single host

    host 172.16.10.3 is the same as specifying 172.16.10.3 0.0.0.0. Since the wildcard mask is all 0’s, this means that each octet must match up exactly, specifying a single host.

    For example, the following two commands are the same, specifying the single host 172.16.10.3:

    access-list 75 permit host 172.16.10.3

    access-list 75 permit 172.16.10.3 0.0.0.0

Specifying all networks and all hosts

    any is the same as specifying 0.0.0.0 255.255.255.255. Since the wildcard mask is all 255’s and no particular network is specified, this means that it doesn’t matter what each octet is, specifying any host on any network.

    For example, the following two commands are the same:

    access-list 75 permit 0.0.0.0 255.255.255.255

    access-list 75 permit any

    (Note: When using IPX access lists, -1 is just like using the any keyword. It refers to any IPX network address.)

Specifying a whole network

    The mask must contain 0’s to specify a particular network and 255’s to specify all the hosts within that network.

    For example, the following command would permit all the hosts within the 172.16.0.0 network:

    access-list 75 permit 172.16.0.0 0.0.255.255

    This command means that the 172.16 must match up exactly because the wildcard mask for those two octets is 0. Since the wildcard mask for the last two octets is 255, it doesn’t matter what the last two octets are. They could be anything.
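The three cases above (single host, any, whole network) can be checked with a small matcher. This is an added example, not part of the original study guide: parse_standard_acl and matches are hypothetical helper names, the test addresses are constructed, and the mask is applied bit by bit, which generalizes the octet-level description above.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acl(line):
    """Parse 'access-list N permit|deny SOURCE' into (N, action, base, wildcard).

    Hypothetical helper for this example, not an IOS API. SOURCE may be
    'any', 'host A', 'A W' (address + wildcard) or a bare address.
    """
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("not a standard IP access-list entry: " + line)
    number = int(tok[1])
    if not 1 <= number <= 99:
        raise ValueError("standard IP access lists are numbered 1-99")
    src = tok[3:]
    if src == ["any"]:
        base, wild = 0, MASK32                  # same as 0.0.0.0 255.255.255.255
    elif len(src) == 2 and src[0] == "host":
        base, wild = to_int(src[1]), 0          # same as A 0.0.0.0
    elif len(src) == 2:
        base, wild = to_int(src[0]), to_int(src[1])
    elif len(src) == 1:
        base, wild = to_int(src[0]), 0          # bare address: treated as one host
    else:
        raise ValueError("unsupported source: " + " ".join(src))
    # Zero the don't-care bits so equivalent entries compare equal.
    return number, tok[2], base & ~wild & MASK32, wild

def matches(entry, address):
    """True if address agrees with the entry on every bit where the wildcard is 0."""
    _, _, base, wild = entry
    care = ~wild & MASK32
    return (to_int(address) & care) == base

if __name__ == "__main__":
    network = parse_standard_acl("access-list 75 permit 172.16.0.0 0.0.255.255")
    for addr in ("172.16.10.3", "172.16.200.9", "172.17.35.3"):  # constructed addresses
        print(addr, "matches" if matches(network, addr) else "no match")
```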

Specifying a part of a network or a portion of available hosts

    To do this, you need to understand block sizes. These block sizes are used to specify a block of addresses. Some of the different block sizes available are 64, 32, 16, 8, and 4.