Home » Cisco » 640-554 » How are Cisco IOS access control lists processed?
How are Cisco IOS access control lists processed?
A. Standard ACLs are processed first.
B. The best match ACL is matched first.
C. Permit ACL entries are matched first before the deny ACL entries.
D. ACLs are matched from top down.
E. The global ACL is matched first before the interface ACL.
Get Latest & Actual 640-554 Exam’s Question and Answers from Passleader.
http://www.passleader.com
Correct Answer: D
Explanation/Reference:
Explanation:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9 a.shtml
Process ACLs
Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in the router. New statements are added to the end of the list. The router continues to look until it has a match. If no matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted. A single-entry ACL with only one deny entry has the effect of denying all traffic. You must have at least one permit statement in an ACL or all traffic is blocked. These two ACLs (101 and 102) have the same effect.