Chapter 10
Concept Question 1-6

1) If an ACL is not configured on an interface, what happens to all routable traffic entering or exiting that interface? Why does this happen?

Traffic entering the interface is accepted for processing, and traffic exiting the interface is forwarded. By default, all traffic is permitted on an operational interface that has no access control.

2) A packet is evaluated against the statements in an ACLs. It matches none of the statements. What happens to the packet? Why does this happen?

The packet is discarded. The Cisco IOS software uses an “implicit deny” procedure for ACLs. The last statement whether expilicity configured or not, is a deny statement. Any packet that does match a statement in the ACLs is discarded.

3) What are the two major steps to implement ACLs to filter inbound and/or outbound traffic?
1) Write the ACL in global configuration
2) Apply the ACL to the correct interface
An ACL written in global configuration mode has no effect until it is applied.

4) You have already configured a numbered ACL. Upon further inspection, you realize that some traffic is still being allowed through. Another statement needs to be inserted into the existion numbered ACL. Describe the steps you would go through to make the change
1) Use the show run command to display the existing numbered AcL, and then copy it into Word.
2) Add a command at the beginning of the text to first remove the old ACL. The next command is the first statement in the ACL.
3) Insert the needed statement in the correct place.

5) After configuring the numbered ACL from the previous question, you discover that another statement is not necessary and must be removed. What can you do to fix this problem?

You cannot remove a single ACL statement in a numbered ACL. Doing so removes the entire ACL. Copy the ACL into word and then delete the