# INTERVIEW PREP GUIDE ABOUT BGP ROUTING
🔹 What is an Access List (ACL) ?
An ACL is a rule set used on routers/firewalls to permit or deny traffic based on defined criteria.
🔹 Why are ACLs used ?
To control traffic flow and enhance network security.
🔹 Where are ACLs configured ?
On routers, Layer 3 switches, and firewalls.
🔹 What does an ACL examine ?
Source IP, destination IP, protocol, and ports (depending on type).
🔹 What is the default behavior of an ACL ?
Implicit deny all at the end.
🔹 What is an ACL entry called ?
An ACE (Access Control Entry).
🔹 Are ACLs stateful ?
No, traditional ACLs are stateless.
🔹 What happens if no ACL matches a packet ?
The packet is denied.
🔹 Can ACLs log traffic ?
Yes, with logging options.
🔹 Do ACLs affect performance ?
Yes, especially if very large or poorly ordered.
🔹 What is a Standard ACL ?
Filters traffic based only on source IP.
🔹 What is an Extended ACL ?
Filters using source, destination, protocol, and ports.
🔹 What is a Numbered ACL ?
ACL identified by a number.
🔹 What is a Named ACL ?
ACL identified by a name.
🔹 What is a Dynamic ACL ?
ACL entries created temporarily for authenticated users.
🔹 What is a Reflexive ACL ?
Creates temporary entries for return traffic.
🔹 What is a Time-based ACL ?
ACL active during specified time ranges.
🔹 What is an IPv6 ACL ?
ACL designed for IPv6 traffic.
🔹 What is a MAC ACL ?
Filters based on MAC addresses (Layer 2).
🔹 What is a VACL ?
VLAN Access Control List applied within VLANs.
🔹 In what order are ACL rules processed ?
Top to bottom, first match wins.
🔹 Why is rule order important ?
Because processing stops at the first match.
🔹 What is a wildcard mask ?
Inverse mask used to match IP ranges.
🔹 What does the 0.0.0.0 wildcard mean ?
Match exactly one IP.
🔹 What does the 255.255.255.255 wildcard mean ?
Match any IP.
🔹 What keyword matches all IPs ?
any.
🔹 What is the difference between a subnet mask and a wildcard mask ?
Subnet mask defines network; wildcard defines matching range.
🔹 Can ACLs filter by port numbers ?
Yes, extended ACLs can.
🔹 Can ACLs filter by protocol ?
Yes (TCP, UDP, ICMP, etc.).
🔹 What is the implicit deny statement ?
deny ip any any.
🔹 Where should a Standard ACL be placed ?
Close to the destination.
🔹 Where should an Extended ACL be placed ?
Close to the source.
🔹 What is an inbound ACL ?
Filters traffic entering an interface.
🔹 What is an outbound ACL ?
Filters traffic leaving an interface.
🔹 Can one interface have multiple ACLs ?
Yes, per direction and protocol.
🔹 Can ACLs be applied to VTY lines ?
Yes, to restrict Telnet/SSH access.
🔹 Can ACLs control routing updates ?
Yes, with distribute-lists.
🔹 Can ACLs be used in NAT ?
Yes, to define traffic for translation.
🔹 Can ACLs be used in QoS ?
Yes, to classify traffic.
🔹 Can ACLs block specific websites ?
Indirectly, by blocking IP/ports (not URLs).
🔹 What happens if an ACL is applied in the wrong direction ?
Traffic may be unintentionally blocked.
🔹 How do you remove an ACL ?
By deleting it from the interface and configuration.
🔹 What command verifies ACL hits ?
Show ACL counters/statistics.
🔹 What is sequence numbering in an ACL ?
Allows editing entries without deleting the ACL.
🔹 Can ACLs be edited ?
Yes, especially named ACLs with sequence numbers.
🔹 What is the purpose of logging in ACL ?
To monitor denied/allowed traffic.
🔹 Do ACLs encrypt traffic ?
No.
🔹 What is the main limitation of ACLs ?
They are stateless and basic compared to firewalls.
🔹 Are ACLs still relevant today ?
Yes, widely used in networking.
🔹 What is the primary goal of an ACL ?
To control and secure network traffic flow.