What filtering criteria does a standard IP access list use to filter packets?
A.
Layer 4 protocol in use
B.
source IP address of the packets
C.
destination IP address of the packets and Layer 4 protocol
D.
IP address of the router on which access list is applied
Explanation:
Access lists are sequential lists of permit or deny statements that filter traffic going through the router. Standard IP access lists filter network traffic based on the
source IP address in a packet. You can create a standard IP access list by assigning access list numbers from 1 – 99 or 1300 – 1999 (expanded standard range).
The expanded range is new set of numbers that can also be used for standard access lists.
The following command syntax shows a standard access list, with access list number 15 and IP address of the host to be denied (filtered) 192.168.144.2:
RouterA(config)# access-list 15 deny host 192.168.144.2
Extended access lists can filter traffic based on Layer 4 protocols and both source and destination IP addresses, but standard access lists cannot. The range used
for extended access lists is 100 to 199 and 2000 to 2699 (expanded range). The expanded range is an additional set of numbers that can also be used for extended
access lists.
Access lists cannot filter traffic that has originated from the filtering router. For this reason, an access list cannot filter packets based on a router’s IP address.
In review:
– Standard access list can filter based on source IP address
– Extended access lists can filter traffic based on Layer 4 protocols and by both source and destination IP addresses
Objective:
Infrastructure Services
Sub-Objective:
Configure, verify, and troubleshoot IPv4 standard numbered and named access list for routed interfaceshttps://www.cisco.com/c/en/us/td/docs/ios/sec_data_plane/configuration/guide/12_4/sec_data_plane_12_4_book/sec_access_list_ov.html
https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html