CCNA 640-607 and Access Lists

Status
Not open for further replies.

IPSI

Technical User
Jan 16, 2003
117
US
A quick question for the great members of this group.

I am going to take the CCNA 640-607 exam on Monday and I feel pretty good about most of the material, with one exception... Access lists. How much do I need to know about access lists? I have very little experience with intranet security, and I am not real sure what the key features and commands are that I am going to have to study for the exam.

Just so you know where I am coming from, I am a long-time voice guy and I have worked with Cisco routers and switches on and off for about 5 years (never configuring my own access lists). For the exam I am using the Cisco Press CCNA Certification Guide by Wendell Odom, the Cisco Press CCNA Practical Studies guide, and the Sybex CCNA Study Guide by Todd Lammle, and I have been studying on and off for about a year.

Thanks for any help and suggestions.

IPSI
 
From what I remember two years ago, you needed to know the AC ranges (100 = standard, 101 = extended, etc...), also what end of the network you would put the standard ac list at (source or destination), and the good old implicit deny statement.
 
jsteve,
Actually, the standard range for access-lists is 1-99.
The extended access-list range is 100-199.

ipsi,
Pay close attention to optional access-list keywords such as tcp, host, ip, any, in and out. Know when and how to use them.
Good luck to you.
 
I've got the CCNA (607) so I'm in the same boat.

One other thing to remember, the access lists are built in global config mode:

CONF# ACCESS-LIST 1 PERMIT 192.168.1.1

But they are applied in Interface config mode:

CONF-IF# IP ACCESS-GROUP 1 IN

One access list can be used by more than one interface.

Good luck! Let us know how you got on...
 
You must understand the logic of the Access List - there is not much to it, why not allocate 2 hours to wading through it!! - 'tis better to pass the exam knowing the material.

Good luck
 
Thanks for all the advice!!! I believe I will go with ElijaBailey's advice and go through the chapters.

IPSI
 
It seems like you know your weaknesses, well... That's a good finish. Try to post some examples next time and others will be able to help you better! Here goes!

Remember, when using access-lists you have to know when to use what, i.e. "IP Access-list permit TCP" (use Port#s), if you see TCP, and if you use ip (use IP address) at the end of your permit statement. IP = IP addresses, TCP means Port Numbers! Don't forget the process of elimination!

After applying the access-list, the access-group needs to be applied to the interface that you want to permit/deny traffic.

is a good start... they're really good at figuring out your weaknesses.

/northgatenet
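
The matching logic the replies above refer to (number ranges 1-99 and 100-199, the host/any/ip/tcp keywords, first match wins, implicit deny), modelled as an added Python example that is not from any poster in this thread. It goes slightly beyond the thread by modelling wildcard masks; all addresses and both ACLs are constructed sample data.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # what the "any" keyword expands to

def host(ip):
    """What "host <ip>" expands to: every bit of the address must match."""
    return (ip, "0.0.0.0")

def acl_type(number):
    """Classify a numbered IP ACL: 1-99 standard, 100-199 extended."""
    if 1 <= number <= 99:
        return "standard"
    if 100 <= number <= 199:
        return "extended"
    raise ValueError("not a numbered IP ACL covered here: %d" % number)

def _match(addr, spec):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    base, wildcard = spec
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, pkt):
    """Return (action, entry number). The first matching entry decides."""
    for n, e in enumerate(acl, 1):
        if not _match(pkt["src"], e["src"]):
            continue
        if "dst" in e:                      # extended-only criteria
            if e["proto"] not in ("ip", pkt["proto"]):
                continue                    # "ip" matches any protocol
            if not _match(pkt["dst"], e["dst"]):
                continue
            if e.get("port") is not None and e["port"] != pkt["dport"]:
                continue
        return e["action"], n
    return "deny", None                     # implicit deny: nothing matched

# Constructed sample ACLs. Standard entries test the source address only.
ACL_1 = [
    {"action": "deny", "src": host("192.168.1.1")},
    {"action": "permit", "src": ("192.168.1.0", "0.0.0.255")},
]
ACL_101 = [
    {"action": "permit", "proto": "tcp", "src": ("192.168.1.0", "0.0.0.255"),
     "dst": host("10.0.0.80"), "port": 80},
    {"action": "deny", "proto": "ip", "src": ANY, "dst": host("10.0.0.80")},
    {"action": "permit", "proto": "ip", "src": ANY, "dst": ANY},
]
```

Entry order matters: swapping the two entries of ACL_1 would let 192.168.1.1 through, because the broader permit would match first.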
 