Answers to the Chapter 7 Q&A Section 759
9
Name all the items that a SAP access list can examine to make a match.
·
Network
·
IPX address (network and node)
·
Subnets of the first two using a wildcard
·
Service type
·
Server name
Many people would consider checking the network number and checking a full IPX
address as the same item. These functions are listed separately here only to make sure you
recall that both variations are possible.
10
Can standard IP access lists be used to check the source IP address when enabled with
the ip access-group 1 in command, and can they check the destination IP addresses when
using the ip access-group 1 out command?
No. Standard IP access lists check only the source IP address, regardless of whether the
packets are checked when inbound or outbound.
11
How many IP extended access-list commands are required to check a particular port
number on all IP packets?
Two statements are required. If the protocol type IP is configured, the port number is not
allowed to be checked. So, the TCP or UDP protocol type must be used to check the port
numbers. Therefore, if port 25 needs to be checked for both TCP and UDP, two statements
are needed: one for TCP and one for UDP.
12
True or false: If all IP or IPX access list statements in a particular list define the deny
action, then the default action is to permit all other packets.
False. The default action at the end of any IP or IPX access list is to deny all other packets.
13
In an IPX access list with five statements, a no version of the third statement is issued in
configuration mode. Immediately following, another access list configuration command is
added for the same access list. How many statements are in the list now, and in what
position is the newly added statement?
Only one statement will remain in the list: the newly added statement. The no access-list
x command deletes the entire access list, even if all the parameters in an individual
command are typed in when issuing the no version of the command.
apA.fm Page 759 Monday, March 20, 2000 5:24 PM