ACL MATCHING DRILL
Top-down evaluation. Implicit deny. First match wins. Randomized ACL + packet pairs — predict which line catches the packet before it reaches the implicit deny. The single most exam-tested ACL concept, drilled to muscle memory.

★ HOW IT WORKS
Each question shows a randomized ACL plus an incoming packet. Your job: name the FIRST line that matches the packet, with its verdict (permit/deny). If no line matches, the answer is implicit deny.
Three difficulty modes:
- STANDARD — Numbered 1-99. Source IP only, no protocol or port. Easier, but classic CCNA test material.
- EXTENDED — Numbered 100-199. Full match: source IP + destination IP + protocol + destination port. This is where most exam questions live.
- MIXED — Randomly serves both. Default — gives you the full range.
After every answer you'll see a field-by-field walkthrough of the winning line. If you picked a line that would also match but isn't the first one — that's the most common ACL exam trap — you'll get a callout explaining what was higher in the list and why ACLs are evaluated top-down.
v1 — currently supports standard and extended IPv4 ACLs, protocols tcp/udp/ip, and the eq port operator. Wildcards, named ACLs, source ports, established, TCP flags, and ICMP are out of scope for this version.
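The evaluation rule the drill tests, written out as an added example (this is not the drill's own code). It assumes addresses are given only as `any` or a single host, since wildcards are out of scope in v1; the `Ace` and `Packet` types and the ACL entries are constructed for illustration.

```python
from typing import NamedTuple, Optional

class Ace(NamedTuple):              # one ACL line (hypothetical model, not IOS syntax)
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches any protocol; else "tcp" / "udp"
    src: str                        # "any" or a host address
    dst: str = "any"                # standard ACLs never test the destination
    dport: Optional[int] = None     # "eq <port>"; None means no port test

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int

def ace_matches(ace, pkt):
    """Every field on the line must match for the line to match."""
    if ace.proto not in ("ip", pkt.proto):
        return False
    if ace.src not in ("any", pkt.src) or ace.dst not in ("any", pkt.dst):
        return False
    return ace.dport is None or ace.dport == pkt.dport

def evaluate(acl, pkt):
    """Top-down, first match wins. Returns (line, verdict); line None = implicit deny."""
    for line, ace in enumerate(acl, start=1):
        if ace_matches(ace, pkt):
            return line, ace.action
    return None, "deny"

def shadowed_matches(acl, pkt):
    """Later lines that would also match: the 'matches but is not first' trap."""
    first, _ = evaluate(acl, pkt)
    return [n for n, ace in enumerate(acl, 1) if n != first and ace_matches(ace, pkt)]

# Constructed extended ACL (documentation address ranges).
ACL_110 = [
    Ace("deny",   "tcp", "192.0.2.10", "198.51.100.5", 23),
    Ace("permit", "tcp", "any",        "198.51.100.5", 80),
    Ace("deny",   "ip",  "192.0.2.10", "any"),
    Ace("permit", "udp", "any",        "any",          53),
]
# Constructed standard ACL: source only.
ACL_10 = [Ace("deny", "ip", "192.0.2.10"), Ace("permit", "ip", "any")]

if __name__ == "__main__":
    web = Packet("192.0.2.10", "198.51.100.5", "tcp", 80)
    print(evaluate(ACL_110, web), "shadowed:", shadowed_matches(ACL_110, web))
```

Line 3 of `ACL_110` also matches the sample web packet, but line 2 sits above it, so the packet is permitted and line 3 never runs.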