Which three statements describe ACL processing of packets? (Choose three.)
- Each packet is compared to the conditions of every statement in the ACL before a forwarding decision is made.
- A packet can either be rejected or forwarded as directed by the statement that is matched.
- A packet that does not match the conditions of any ACL statements will be forwarded by default.
- An implicit deny any rejects any packet that does not match any ACL statement.
- A packet that has been denied by one statement can be permitted by a subsequent statement.
- Each statement is checked only until a match is detected or until the end of the ACL statement list is reached.
Explanation: ACLs are processed in a top down manner. When an ACL is inspected, if the information in a packet header and an ACL statement match, the remaining statements are not examined, and the packet is either denied or permitted through as specified by the ACL. If a packet header does not match an ACL statement, the packet is tested against the next statement in the list. This matching process continues until the end of the list is reached. Every ACL has an implied deny at the end of the list. This implied deny statement is applied to all packets for which conditions did not test true.