Answers to the Chapter 7 Q&A Section
30  Configure a named IP access list that allows only packets from subnet 193.7.6.0,
255.255.255.0, going to hosts in network 128.1.0.0 and using a Web server in 128.1.0.0,
to enter serial 0 on some router.

ip access-list extended barney
 permit tcp 193.7.6.0 0.0.0.255 128.1.0.0 0.0.255.255 eq www
!
interface serial 0
 ip access-group barney in

A "deny all" is implied at the end of the list.
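How the single entry in list barney and the implied "deny all" treat individual packets, as an added example that is not from the book. It assumes `eq www` means TCP port 80; the function names and the sample packets are constructed for illustration.

```python
import ipaddress

# The one entry of named list "barney" from the answer above:
# (action, protocol, src, src wildcard, dst, dst wildcard, dst port)
BARNEY = [
    ("permit", "tcp", "193.7.6.0", "0.0.0.255", "128.1.0.0", "0.0.255.255", 80),
]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: a 0 bit must match, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, proto, src, dst, dst_port):
    """Return the action of the first matching entry, else the implied deny."""
    for action, a_proto, s, s_wc, d, d_wc, port in acl:
        if (proto == a_proto
                and wildcard_match(src, s, s_wc)
                and wildcard_match(dst, d, d_wc)
                and dst_port == port):
            return action
    return "deny"  # the implied "deny all" at the end of every list

# Constructed sample packets (hypothetical): proto, src, dst, dst port
SAMPLES = [
    ("tcp", "193.7.6.25", "128.1.44.9", 80),  # web traffic from the permitted subnet
    ("tcp", "193.7.7.25", "128.1.44.9", 80),  # source outside 193.7.6.0/24
    ("tcp", "193.7.6.25", "128.2.0.1", 80),   # destination outside 128.1.0.0
    ("tcp", "193.7.6.25", "128.1.44.9", 23),  # Telnet, not www
    ("udp", "193.7.6.25", "128.1.44.9", 80),  # UDP, but the entry is tcp only
]

def run_samples():
    """Evaluate every constructed packet against list barney."""
    return [evaluate(BARNEY, *pkt) for pkt in SAMPLES]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLES, run_samples()):
        print(pkt, "->", verdict)
```

Only the first packet is permitted; the other four match no entry and fall through to the implied deny.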
31  List the types of IP access lists (numbered standard, numbered extended, named standard,
named extended) that can be enabled to prevent Telnet access into a router. What
commands would be used to enable this function, assuming that access-list 2 was already
configured to match the right packets?
Any type of IP access list can be enabled for preventing VTY access. The command line
vty 0 4, followed by ip access-group 2 in, would enable the feature using access-list 2.
32  What command could someone who has only the telnet password, not the enable
password, use to find out what IPX access lists were enabled on which interfaces?
The show ipx interfaces command lists all interfaces and details about each interface,
including the name and number of all standard, extended, and SAP access lists enabled on
each interface.
33  What command would display the contents of IPX access-list 904, and that access list
alone?
Both the show access-list 904 and the show ipx access-list 904 commands would show
the same contents. Both actually show the information in the same format.
34  What command lists the IP extended access lists enabled on serial 1 without showing
other interfaces?
The show ip interface serial 1 command lists the names and numbers of the IP access
lists enabled on serial 1.