Vous êtes sur la page 1sur 4
wram.s0.004 t0.00.016 Ri show ip access-list 120 Extended IP access list 120 10 deny tcp 172.11.10.0 0.0.0.255 10.10.0.0 0.0.255.255 eq telnet 20 permit ip any any Ru ferto he exinbt ACL 1201s conigured wbound on the Seva}O0 mterlace on rouler RT. bulthe hosts on network 172.11.100724 are able to tenet to network 10 10.00/16. On the basis of the provided configuration what should be done to emmedy the probiem? ‘@ Apply the ACL outbound on the seial0G0 interface on router RI © Apply the ACL outbound on the FastEthemet0 interface on outer Rt Include the establish keyword atthe end ofthe fist ine inthe ACL © Include # statement in the ACL to deny the UDP trafic that originales fom 172.11.10.0°24 network, 172.22.10.0124 Rly show ip access-list 110 Extended IP access list 110 10 permit tcp any 172.22.10.0 0.0.0.255 established 20 deny ip eny any Rie Refer to the exhibit Which statements true about ACL 170 FACL 110 is appledin the inbound direction on SOVO/0 of R17 © itwill deny TOP traffic to the internet the Waffic is sourced from the 172.22. 10.0124 network. © twill not allow TCP traffic coming from the Internet to enter the network 172.22.10.0/24 C ttl allow any TCP traffic from the Internet to enter the network 17222 10.0124 @ ttyl pent any TCP trafic that originated from network 172 22.10.0124 to return inbound on the SO/O/0 interface on ‘soma 2.160201 24 209.485 20 226.20 _ Fs Wien pera aoeass.201422 WEBITFTP Server 90.989 20288 04 saan soraarn Zoce WEB Server 209.185.2020, reo For 00 192160107126 | pay | 12160-1426 weeleemaee 190-468 4010 4 192460.190.26 rer [Refer to the exhib When creating an extended ACL to deny traffic rom the 192,108:90.0 network destined forthe Web server, 208,165,207. 30, where is the best location for applying the ACL? © ISP FaQi0 cutbound (© R2 SOON inpound @ 3 FaQ/0 inbound (© 3 80/011 outbound owt (confaytime-range EVERYOTHERDAY outer (conigtime-range)# periodic Monday Wednesday Friday 8:00 to 17:00 Routert(conigy# access-list 101 permit tcp 10.1.1. 0.0.0.255 172.16.11 0.0.0.255 eq telnet time-range EVERYOTHERDAY outer (cong) interface fa00 overt (confi ip address 1.1.1.1 255.255.2550 overt (config: ip access-group 101 in ‘Rar To @B ow wal Rear Waal Was mashing Wee Tage TequreTent of EVERVOTHERDAY? TOP tratcertrng a0 frm 172 16 4254724 destined to the 101.1024 network's pemited. (©°TCP tafe entang f0 frm (0 1.125424 destined to the 1721640724 networks permined (© Telnat rate enter 00 trom 172.16.1. 254724 destined to the 10.11.0724 nebwork is permite (Telnet vate entering 200 rom 101 1.25428 destined tothe 172 18.124 networks permed [R28 show ipaccess.lst StandardlP access listWEBSERVER ‘0permit 192 168, 10.110.0 265.255 ‘20permit host 192.168.10.13 Refertothe exhib How does tis access Wt provess a packet withthe source address 10.111 and @ destination of 192 188.10.197 C fis alowed because ofthe impli deny any. @ his dropped because it does nat match any of the items inthe ACL. Chis allowed because ine 10 ofthe ACL allows packets o 102 168 0.016 Chis alowed because ine 20 ofthe ACL allows packets tothe host 192.108.10.13. 192.168.1.50 192.168.3.90 Ri? show accesslist mame 10 deny top 192.168.132.0.00.15 any eq 80 20 deny tep 192.168.1.32 0.0.0.7 any.eq 23 30 permitip any any Refer tothe exhib The administrator wishes to block web tac fram 192 188.1 60 fem reaching the defaut por ef the web service on 182.168.3.20.To do this, the access conta st name fs applied inbound onthe router Rt LAN interface. fer testing the list, the sdministrator has noted tat the web trafic remains successful. Why is web trafic reaching the destination? © Web traffic does not use port 80 by defaut. © The access list is applied inthe wrong direction © The access ist needs tobe placed closer tothe destination, on 3, @ The range of source addresses spectfied inline 10 does not include host 192 168.1.50, R3# show runni interface serialQ/O/1 ip address 10.2.2.2 255,255,255,252 ip access-group 101 in \g-config access-list 101 permit top any host 10.2.2.2 eq telnet access-list 101 dynamic testlst timeout 15 permit ip any 192. 168.30.0.0.0.0.255 line vty 0 login local autocommand access-enable timeout 5 Refer 10 the exhibt. What wil be the effect ofthe configuration that's Shown? @ Users attempting to access hosts in the 192.168 30.0/24 network willbe required to telnet to R3. © Hosts connecting to resources in the 191 08.30.0/24 network have an ide timeout of 16 minutes, © Anyone attempting to telnet into R3 will have an absolute me limit of five minutes. © Telnet access to R3 will only be permitted on Serial CIO/t 192.168.2324 102.168.1124 192.168.3124 Pct C3 s92468.1.14224 192.1683.524 Extended IP access lise Lat 10 deny top host 192.168.1.14 host 192.11 20 deny top host 192.160 1.14 host 192.262.2.9 eq telnet 30 permit ip any any Extended IP access list Serial 10 deny ip hose 192.162.3.5 host 192.1 20 permit ip any any (lero the exh Ar adranstato has configured wo access Tals on RT The lstinbound on Me seal nteriace is named Sefal nd the [etinaound onthe LAN interface t= named LAN. What affect willbe praduced by the access contol kts? PCt willbe able to tenet to PCO, © R3wil not be able to communicate wih PC1 and PO. © PC3 cannot telnet te R2 and cannot communicate wih PC1 PCt wll not be able to tenet to Rand PCS will not be able to communicate with PCT