
Which statement about an access control list that is applied to a router interface is true?

640-554

A. It only filters traffic that passes through the router.

B. It filters pass-through and router-generated traffic.

C. An empty ACL blocks all traffic.

D. It filters traffic in the inbound and outbound directions.

2 Answers



  1. eximin on Oct 04, 2013

    Answers: A
    It only filters traffic that passes through the router.




  2. emcmin on Apr 30, 2014

    Answers: A
    It only filters traffic that passes through the router.

    Explanation:

    http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-2mt/sec-acl-ovgdl.html
    The Order in Which You Enter Criteria Statements
    Note that each additional criteria statement that you enter is appended to the end of the access list
    statements.
    Also note that you cannot delete individual statements after they have been created. You can only
    delete an entire access list.
    The order of access list statements is important! When the router is deciding whether to forward or
    block a packet, the Cisco IOS software tests the packet against each criteria statement in the
    order in which the statements were created. After a match is found, no more criteria statements
    are checked.
    If you create a criteria statement that explicitly permits all traffic, no statements added later will
    ever be checked. If you need additional statements, you must delete the access list and retype it
    with the new entries.
    Apply an Access Control List to an Interface
    With some protocols, you can apply up to two access lists to an interface: one inbound access list
    and one outbound access list. With other protocols, you apply only one access list that checks
    both inbound and outbound packets.
    If the access list is inbound, when a device receives a packet, Cisco software checks the access
    list’s criteria statements for a match. If the packet is permitted, the software continues to process
    the packet. If the packet is denied, the software discards the packet.
    If the access list is outbound, after receiving and routing a packet to the outbound interface, Cisco
    software checks the access list’s criteria statements for a match. If the packet is permitted, the
    software transmits the packet. If the packet is denied, the software discards the packet.
    Note
    Access lists that are applied to interfaces on a device do not filter traffic that originates from that
    device.
    The access list check is bypassed for locally generated packets, which are always outbound.
    By default, an access list that is applied to an outbound interface for matching locally generated
    traffic will bypass the outbound access list check; but transit traffic is subjected to the outbound
    access list check.

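The evaluation rules quoted in the answer above, modelled as an added example (not part of either answer and not Cisco code): statements are tested in the order entered, the first match ends the search, and router-originated packets skip the outbound check. The names `Ace`, `evaluate`, `shadowed` and `interface_check` are hypothetical, matching is simplified to source prefix only, and the implicit deny at the end of a non-empty list and the pass-through behaviour of a list with no statements are IOS behaviours assumed here rather than stated in the quoted text.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Ace:
    action: str  # "permit" or "deny"
    source: str  # source prefix; "0.0.0.0/0" plays the role of "any"


def evaluate(acl, src):
    """First-match evaluation: return (action, index of the matching statement)."""
    if not acl:
        return "permit", None  # assumption: a list with no statements filters nothing
    for i, ace in enumerate(acl):
        if ip_address(src) in ip_network(ace.source):
            return ace.action, i  # stop here: later statements are not checked
    return "deny", None  # assumption: implicit deny closes every non-empty list


def shadowed(acl):
    """Indexes of statements fully covered by one earlier statement (never reached)."""
    hits = []
    for i, ace in enumerate(acl):
        net = ip_network(ace.source)
        if any(net.subnet_of(ip_network(prev.source)) for prev in acl[:i]):
            hits.append(i)
    return hits


def interface_check(acl, direction, src, locally_generated=False):
    """Decision for one packet on an interface with `acl` applied in `direction`."""
    if direction == "out" and locally_generated:
        return "permit"  # router-originated packets bypass the outbound check
    return evaluate(acl, src)[0]


# Constructed sample list (documentation address ranges), in the order entered.
SAMPLE_ACL = [
    Ace("deny", "192.0.2.0/24"),
    Ace("permit", "0.0.0.0/0"),       # explicit permit-all
    Ace("deny", "198.51.100.0/24"),   # added later, can never match
]

if __name__ == "__main__":
    print("unreachable statements:", shadowed(SAMPLE_ACL))
    print("transit 198.51.100.7 out:", interface_check(SAMPLE_ACL, "out", "198.51.100.7"))
    print("local 192.0.2.5 out:", interface_check(SAMPLE_ACL, "out", "192.0.2.5", True))
```

Running `shadowed` over a list before it is applied flags statements that sit behind a broader earlier entry, which is the ordering mistake the quoted text warns about.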