Getting Started with Networking: Understand Network ACLs Allowing and Denying Traffic

Network ACLs are critical for controlling traffic flow. Learn how network ACL rules allow or deny traffic and the order in which rules are evaluated.

Question

Which of the following statements about network ACLs are correct? (Select TWO.)

A. Network ACL rules let you allow or deny traffic.
B. Network ACL rules only let you allow traffic but not deny traffic.
C. Network ACLs evaluate rules in order (from the lowest to the highest) before making a decision to allow traffic.
D. Network ACLs evaluate rules in order (from the highest to lowest) before making a decision to allow traffic.
E. Network ACLs evaluate all rules before making a decision to allow traffic.

Answer

A. Network ACL rules let you allow or deny traffic.
C. Network ACLs evaluate rules in order (from the lowest to the highest) before making a decision to allow traffic.

Explanation

Network ACLs act as firewalls to control traffic in and out of subnets. Each ACL contains a numbered list of rules that are evaluated in order, starting with the lowest numbered rule.

Each rule can either allow or deny specified traffic. When a packet matches a rule, the associated action (allow or deny) is taken and subsequent rules are not evaluated for that packet.

The “allow” rules permit the specified traffic to enter or leave the subnet. The “deny” rules block the specified traffic from entering or leaving the subnet.

The rules are always evaluated starting from the lowest number (e.g. Rule #100) and proceeding to higher numbers (e.g. Rule #200) until a match is found. The first matching rule determines if the traffic is allowed or denied. If no rules match, an implicit “deny all” rule is enforced by default.

Therefore, it’s critical to order the rules from most specific to least specific to ensure the proper traffic flow. Network ACLs provide an important layer of security and access control for a network when properly configured.
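The following added example (not part of the original question or its source material) models the first-match evaluation described above and flags rules that can never take effect because a lower-numbered rule with the opposite action already covers them. The tuple layout, the sample addresses and the function names are assumptions made for illustration, not any provider's API.

```python
import ipaddress

# Constructed sample ACL: (rule number, action, source CIDR, destination port or None for any).
# The deny for one host was given a higher number than the broad allow.
MISORDERED = [
    (200, "deny", "203.0.113.7/32", 22),
    (100, "allow", "0.0.0.0/0", 22),
    (300, "allow", "0.0.0.0/0", 443),
]
# Same intent, with the specific deny given the lower number.
CORRECTED = [
    (90, "deny", "203.0.113.7/32", 22),
    (100, "allow", "0.0.0.0/0", 22),
    (300, "allow", "0.0.0.0/0", 443),
]

def matches(rule, src_ip, port):
    _, _, cidr, rule_port = rule
    in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(cidr)
    return in_net and (rule_port is None or rule_port == port)

def evaluate(rules, src_ip, port):
    """Return (action, rule_number) of the first matching rule, lowest number first."""
    for rule in sorted(rules, key=lambda r: r[0]):
        if matches(rule, src_ip, port):
            return rule[1], rule[0]
    return "deny", None  # implicit deny: no rule matched

def shadowed(rules):
    """List (shadowed, by) rule-number pairs where a lower-numbered rule with
    the opposite action covers every packet the later rule could match."""
    ordered = sorted(rules, key=lambda r: r[0])
    found = []
    for i, late in enumerate(ordered):
        late_net = ipaddress.ip_network(late[2])
        for early in ordered[:i]:
            covers_net = late_net.subnet_of(ipaddress.ip_network(early[2]))
            covers_port = early[3] is None or early[3] == late[3]
            if covers_net and covers_port and early[1] != late[1]:
                found.append((late[0], early[0]))
                break
    return found

if __name__ == "__main__":
    for name, acl in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        print(name, evaluate(acl, "203.0.113.7", 22), shadowed(acl))
```

Running a check like `shadowed` over an exported rule list before applying it catches a deny that was numbered after the allow it was meant to override.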

Network ACLs evaluate rules in numeric order before making a decision to allow traffic. The rules can be configured to allow or deny traffic.

Getting Started with Networking EDNETWv1EN-US assessment question and answer (Q&A) dump with detailed explanations and references, available free to help you pass the Getting Started with Networking EDNETWv1EN-US assessment and earn the Getting Started with Networking EDNETWv1EN-US badge.