CCNA Quick Notes – Access Lists
1.Besides named access lists, what are the two types of IP access lists?
The two types of IP access lists are standard and extended.
What criteria do standard IP access lists use to filter packets?
Standard IP access lists filter packets by the source address. This results in the packet's being
permitted or denied for the entire protocol suite based on the source network IP address.
2.What criteria do extended IP access lists use to filter packets?
Extended IP access lists filter packets by source address, destination address, protocols, and
3.In what two ways can IP access lists be applied to an interface?
Access lists can be applied as inbound or outbound access lists. Inbound access lists process
packets as they enter a router's interface and before they are routed. Outbound access lists
process packets as they exit a router's interface and after they are routed.
4.How many access lists can be applied to an interface on a Cisco router?
Only one access list per protocol, per direction, per interface can be applied on a Cisco router.
Multiple access lists are permitted per interface, but they must be for a different protocol.
5.How are access lists processed?
Access lists are processed in sequential, logical order, evaluating packets from the top down,
one statement at a time. As soon as a match is made, the permit or deny option is applied, and
the packet is not applied to any more access list statements. Because of this, the order of the
statements within any access list is significant.
6.What is at the end of each access list?
At the end of each access list, an implicit deny statement denies any packet not filtered in the
7.What are the number ranges used to define standard and extended IP access lists?
The number ranges used to define standard and extended IP access lists are as follows:
• Standard IP access lists 1 to 99 and 1300 to 1999• Extended IP access lists 100 to 199 and
2000 to 2