
Cisco question

post #1 of 46
Thread Starter 
I need a question answered so I'll ask.

Does anyone have their CCNA, or had it at one time?

I will be taking my exam tomorrow and have an Extended ACL question if anyone thinks they can answer it.

An Extended ACL basically has several fields, but they generally go like this

access-list 100 [permit|deny] [tcp|udp or various other protocols] [source ip address] [source wildcard mask] [destination ip address] [destination wildcard mask] eq [port number]

My problem is this: the usage of any and host for the source|destination info. I understand you can use any for the source and destination IPs, but how to use host? I have not been able, for the life of me, to find a clear-cut explanation of how to use it.

I have seen various ACLs use something like

access-list 100 permit tcp host 192.168.1.0 host 204.123.55.24 eq 80

In that scenario I don't see what the meaning of host is; it's coming before the IP addresses.

This may be over many people's heads, and I understand, but before I take my exam tomorrow I am determined to find an answer.
post #2 of 46
Host is only for a single IP address. If you want to permit or deny a specific host or IP address.

access-list 101 permit tcp host 192.168.1.1 host 10.1.1.1

- Meaning permit an extended access control list for TCP permitting only the host with the source IP address of 192.168.1.1 to reach only the specific destination IP address of 10.1.1.1.

Again, any is all IP addresses with any subnet mask. Host is a specific IP address, not a range.

Remember, implicit deny statements exist after each access-list, so on the exam if you get a multiple choice that doesn't have a permit ip any any, all traffic not specifically permitted will be denied.

You're doing the 802? or the 816?
post #3 of 46
Thread Starter 
I'm taking the tests back to back separately.

640-822 ICND1 followed by 640-816 ICND2

I don't think I'll fail, but I am preparing for the worst. If I do fail one test then I only have to take it and I'll have half the CCNA passed already.

Spent 2 months in class and another 3 weeks studying with Transcender and the Todd Lammle book + various other study resources.

Thanks for the info on ACLs, that question has been hounding me for a while now.
post #4 of 46
The function of host basically translates to a wildcard of 0.0.0.0. The syntax changes to alleviate confusion.

Make sure you look over spanning tree and VTP. There are at least 10 questions on there between the two (although I took the 802). Diagnosing WAN links seemed to be a big one as well (including frame relay).
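Added example, not part of any post in this thread: a small Python evaluator for the extended ACL form discussed above, treating `host A` as shorthand for `A 0.0.0.0`, `any` as `0.0.0.0 255.255.255.255`, and ending with the implicit deny. The sample ACL and function names are constructed for illustration, and only a destination `eq` port is handled (a simplification).

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_addr(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":                      # any    == 0.0.0.0 255.255.255.255
        return 0, 0xFFFFFFFF
    if first == "host":                     # host A == A 0.0.0.0
        return ip_int(tokens.pop(0)), 0
    return ip_int(first), ip_int(tokens.pop(0))

def parse_ace(line):
    t = line.split()
    if t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError("unsupported entry: " + line)
    rest = t[4:]
    src, dst = parse_addr(rest), parse_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return t[2], t[3], src, dst, port

def addr_match(ip, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF           # wildcard bit 0 = must match, 1 = ignore
    return (ip_int(ip) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, top to bottom."""
    for line in acl:
        action, ace_proto, s, d, port = parse_ace(line)
        if ace_proto not in ("ip", proto):
            continue
        if not (addr_match(src, s) and addr_match(dst, d)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"                           # implicit deny: nothing matched

# Constructed sample ACL; the first entry is the one quoted in post #2.
SAMPLE_ACL = [
    "access-list 101 permit tcp host 192.168.1.1 host 10.1.1.1",
    "access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80",
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_ACL, "tcp", "192.168.1.1", "10.1.1.1", 22))
    print(evaluate(SAMPLE_ACL, "tcp", "192.168.1.2", "10.1.1.1", 22))
```
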
post #5 of 46
Thread Starter 
Quote:
Originally Posted by beers
The function of host basically translates to a wildcard of 0.0.0.0. The syntax changes to alleviate confusion.

Make sure you look over spanning tree and VTP. There are at least 10 questions on there between the two (although I took the 802). Diagnosing WAN links seemed to be a big one as well (including frame relay).

Thanks for the help. I'm pretty good with CDP and STP, VTP I'm decent at.
post #6 of 46
Good luck to you on the test... I found the NA to be harder than the NP...
post #7 of 46
Quote:
Originally Posted by Thorn-Blade
Good luck to you on the test... I found the NA to be harder than the NP...
post #8 of 46
Easiest way to look at it: refer back to your subnetting, which you will find about 20 questions on. Host refers to 255.255.255.255.
Cisco makes it a little easier for ACLs:
access-list 100 permit tcp host 192.168.1.0 host 204.123.55.24 eq 80
or
access-list 100 permit tcp 192.168.1.0 255.255.255.255 204.123.55.24 255.255.255.255 eq 80

In other words, the wildcard mask is your subnet; if it is 1 host/IP/computer, instead of typing the subnet insert host. Also remember 192.168.1.0 is not a host, hosts are from 1 - 254.

GL on your Exam.
post #9 of 46
Quote:
Originally Posted by beers
The function of host basically translates to a wildcard of 0.0.0.0. The syntax changes to alleviate confusion.

The wildcard 0.0.0.0 actually means any host any subnet.
post #10 of 46
The ACL question on the CCNA that I took was pretty easy. Although, I took it twice. My score on the first was 80%, second go with a good ACL was 85%.