CCENT: Standard ACL individual address

william-fields

Hi Folks,

Are these three commands the same,

"access-list 1 permit 10.1.1.1"
"access-list 1 permit 10.1.1.1 0.0.0.0"
"access-list 1 permit host 10.1.1.1"

with either "host" or "0.0.0.0" being required on earlier versions of IOS?

Thanks

William

Ronnie Wong

@william-fields,

As far as I can tell, working from an C3550. when I enter all three commands, ( I changed the IP address and access-list number but it works.)

C3550(config)#
C3550(config)#access-list 10 permit 10.10.10.10
C3550(config)#access-list 10 permit 10.10.10.10 0.0.0.0
C3550(config)#access-list 10 permit host 10.10.10.10
C3550(config)#do show access-list
Standard IP access list 10
    10 permit 10.10.10.10
C3550(config)#

It sees it as being ONE.

william-fields

Hey Ronnie,

This very point came up at the 50:30 mark of the Access Control Lists episode. You and Don are showing the configuration for an individual address and he mentions the fact of these three forms.
I think its simply that the newer version of the IOS does not require either "host" or "0.0.0.0" in the command.
What is the Cisco "preferred" method? That is the question for the exam!

Thanks again for all the great work.

William

enki

@william-fields

The 'proper' way to identify a single host is with the 'host' designation. With that said, whatever works for you is fine as long as it works.

Regarding Cisco exams, in my experience I wouldn't worry about the particulars here. While in some cases you may need to know best or official practices, for questions that are simply semantics they usually don't care. Unlike some vendors, Cisco doesn't try to trick you, at least in my opinion.

With the standard multiple choice questions, you are either going to need to pick one or multiple correct choices. If only one is required, then the other options will all be completely invalid. If multiple answers are correct and asked for, then in a situation like this it pays to know that the results are the same so you can pick all the valid answers.

With the lab simulations, again Cisco doesn't seem to care how you solve the problem or identify the solution as long as the method you take provides the correct end result. For example, if you are tasked with creating an ACL for a host and use any of those commands, you will almost certainly be graded the same. The only issue you could face is that, in the exam, your command options are limited. Some perfectly valid commands or syntaxes are blocked. This is actually a good thing since it can help eliminate wasted time. You may be forced to use host, or prevented from using it (unlikely in this scenario, but possible in others). So again it pays to know what your options are.

Ronnie Wong

@william-fields,

I must agree with @enki here. The key to the exam simulation is to understand that the exam simulations for switches are based on the 2960 in the CCENT, so whatever version of the OS that is operating there is the key. If you want to be truly to the letter of the law. I would find a copy of the official exam guide and lookup how they enter it there and follow that one. But I do believe any of them will work with the 2960... since I know that my 3550 is older and all three work.

Daniel Espinal

@enki said:

@william-fields
With the lab simulations, again Cisco doesn't seem to care how you solve the problem or identify the solution as long as the method you take provides the correct end result. For example, if you are tasked with creating an ACL for a host and use any of those commands, you will almost certainly be graded the same. The only issue you could face is that, in the exam, your command options are limited. Some perfectly valid commands or syntaxes are blocked. This is actually a good thing since it can help eliminate wasted time. You may be forced to use host, or prevented from using it (unlikely in this scenario, but possible in others). So again it pays to know what your options are.

oh cisco cares. In taking the ccnp switch recently I hit a wall trying to get an ACL to work. My simulation accepted my command but when I checked the running config it did not work. I spent what felt like about a 3rd of my time trying to get that command that I've used hundreds of times and the simulation DID NOT FLAG AS AN INVALID COMMAND to work. eventually I tried every other form of the command I could think of and finally came up with something that did work. it turned out I was using a "SPACE" in the wrong place. Now on my personal switch the command worked without the spacing but not on the test.

Moral of the story is to learn multiple ways of doing it. The simulations on the test tend to use older IOS images which in some cases have commands that have been deprecated. I actually had a simulation question that had me use a command that is no longer valid on modern IOS. I got lucky and ran across a post on the official cisco forums that mentioned this and sure enough it popped up on my exam.

enki

Well as I mentioned, I have seen instances where certain commands are actually disabled on purpose. I imagine this is for Cisco to see if you know the other options. When I took the CCNA years ago, I ran into a similar issue trying to create an ACL. The standard method I always used didn't work and I was banging my head against the wall for 10 minutes, almost giving up, thinking I was crazy. Finally I tried a different method that did work and moved on. Not sure if this was on purpose or just a broken simulator. To the latter, I also agree that the SIMs are a bit wonky. Weird things happen that can be very frustrating. Especially when trying to validate your work.

But my earlier point was more regarding standard multiple choice questions than labs/sims. I have actually seen ones where NONE of the answers were valid (the question itself was badly worded and I reported it), but I've never seen one where it asked for a number of correct answers (e.g. 1, 2 or 3) and there were more correct available and you had to chose between them.

enki

@Daniel-Espinal

Here is a perfect example of my comment (just a few hours ago) about how the Cisco test simulators can be broken. In between that comment and now, I sat for my SWITCH exam. I have to be careful to stay within the scope of the NDA, but suffice it to say I was not very happy with one of the questions. It was a fairly complex multi-step simulation that required numerous things to be configured.
Long story short, after I was done doing everything I thought I needed to, I went to verify it was working probably. One thing was not according to the information presented. I tried troubleshooting, but came up empty. My options were limited since you don't get to really 'debug' anything. So I spent about 30mins going back and forth trying to get this last piece working. Redoing all of the commands and kicking myself thinking I missed something obvious. Eventually, and with much reluctance, I gave up. This was at almost the beginning of the exam. As a result, even though I moved on, my mind kept going back to the issue and trying to think if I missed something and what it could be. This was obviously disruptive for me since I stilled had 30 questions left to go. Eventually I took a breath and just pushed on.
Since labs can be a big portion of the exam score, I was concerned that I failed. Honestly, I felt it was 50/50 whether or not I passed, where normally I'm pretty confident. Fortunately I did not fail. In fact, I got 100% (still can't believe it). Which goes to show:

The labs don't always work properly and can't be trusted.
Even if they don't, you can still get the question correct if everything else is done correctly.
But I'm still upset over the whole thing.

On a somewhat related note, there were also quite a few obvious spelling issues. Overall, I think the QA on this exam was poor at best. On to TSHOOT!

Daniel Espinal

@enki Congrats :+1:

What was your study strategy?

enki

@Daniel-Espinal said:

@enki Congrats :+1:

What was your study strategy?

Thanks!

I definitely used the ITProTV SWITCH training videos. I also used some of the Cisco training resources and setup some home labs for practice. Since it was switching, GNS3 could only do so much, but I had a couple old Catalyst switches I was able to play with for other stuff. Most of the generic stuff I was able to rely on previous work experience. Even though we rarely use Cisco switches in our client's production networks, many other vendors have similar CLI environments. I've setup countless VLANs, trunks, LAGs, STP, etc. so have a strong fundamental understanding of those concepts. Even with that, there were a few questions I really just guessed at. Combined with the issues mentioned above in one of the lab questions, I really thought I might have failed. I was astonished when I got 1000. I did that on my CCNA, but felt very confident that I knew all the stuff (plus had been CCNA certified twice before hand since 2000). I spent a LOT more time studying for the route, since it was a weakness in terms of experience, and got 9-something. Hopefully my luck continues for the TSHOOT exam. I took Cisco's TSHOOT simulator, since the format is very different compares to other exams, and it looks kind of fun. I got 4/4 right, but I imagine those are just basic 'how-to' type questions. I'm going to begin studying for that tomorrow and hope to sit for it sometime next month.