Which order to apply access lists?

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hey, I have my CCNA exam on Tuesday and I have bought the Boson software to practice on.

I seem to be getting the right access lists from the drag and drop options, but I am applying them in the wrong order apparently.

Can anyone shed some light on the rules for this as I can't seem to see any logic or patterns....

thanks

Jamie

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Access Lists go from the top down e.g.

ip access-list extended LANTraffic
permit tcp 192.168.0.0 0.0.0.255 host x.x.x.x eq smtp
permit tcp 192.168.1.0 0.0.0.255 host x.x.x.x eq smtp
permit tcp 192.168.0.0 0.0.0.255 host x.x.x.x eq smtp
permit tcp 192.168.0.0 0.0.0.255 host x.x.x.x eq pop3
permit tcp 192.168.1.0 0.0.0.255 host x.x.x.x eq pop3
permit tcp 192.168.0.0 0.0.0.255 host x.x.x.x eq pop3
permit tcp 192.168.1.0 0.0.0.255 host x.x.x.x eq 143
permit tcp 192.168.0.0 0.0.0.255 host x.x.x.x.x eq 143
permit tcp 192.168.1.0 0.0.0.255 host x.x.x.x.x eq 143
deny tcp any any eq smtp
deny tcp any any eq pop3
deny tcp any any eq 143
permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 any
permit ip 192.168.1.0 0.0.0.255 any
#####Silent Deny#####

So this access list permits any thing from the 192.168.0.0/24 and 192.168.1.0/24 network out on SMTP, POP3 and IMAP4 but then denys any other network from doing the same.

It then allows 192.168.0.0/24 and 192.168.1.0/24 out on any port and again the silent deny blocks any other network.

 

Sorry I wasn't clear with my post, I understand that they are applied from top down, but it is my understanding that you have to apply them in a specific order or it is 'wrong'.

How did you choose which access list rules to go 1st, 2nd, 3rd etc...

thanks

Jamie

 

Was going to ask for more info but looks like today is your judgment day! lol

Good luck with the exam, youll be fine! Let us know th outcome.... good or bad!

 

Reply anyways, I'm struggling with ACL as well.

GW

 

I don't really remember any specifics with ACL's in the CCNA.

Just always remember to do your allow before your deny's.

 

Hey, I passed with 933 / 1000...

 

Congrats mate

 

congrats dude!

 

Congratz!