Q: Matching Port Numbers with ACLs 1

 In 200-301 V2 Ch03: Extended ACLs, 200-301 V2 Part 1: IP ACLs
1

#CCNA ACL questions can uncover your weaknesses even without a detailed and complicated list of requirements to place in a single ACL. In fact, my “Acing the CCNA Exam” live course on Safari features ACL Port Matching as one of its top 10 common mistakes for about 10 minutes of the course. In preparation for the upcoming Feb 8th edition of the course, I’ve added this new question. Enjoy.

Question:

Which answers lists an ACL command would permit all unencrypted web traffic from the web servers on the left of the figure to the subnet of the web clients on the right, assuming router R1 enables the ACL on its G0/1 interface in the input direction?

  1. access-list 101 permit ip   172.16.16.0  0.0.7.255   172.16.4.0 0.0.3.255  eq www
  2. access-list 101 permit tcp 172.16.16.0  0.0.7.255   172.16.4.0 0.0.3.255  eq www
  3. access-list 101 permit ip   172.16.16.0  0.0.7.255  eq www   172.16.4.0 0.0.3.255
  4. access-list 101 permit tcp 172.16.16.0  0.0.7.255  eq www   172.16.4.0 0.0.3.255  eq www
  5. access-list 101 permit tcp 172.16.16.0  0.0.7.255  eq www   172.16.4.0 0.0.3.255

The answer post should appear in a few days. As always, the answer link sits at the bottom of this page, just above where the comments begin.

 

Wendell is Teaching Again! Live Courses on Safari.
A: Matching Port Numbers with ACLs 1
Subscribe
Notify of
guest

1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
sanjinb

access-list 101 permit tcp 172.16.16.0 0.0.7.255 eq www 172.16.4.0 0.0.3.255

We would like to permit www traffic from servers to clients, so direction on interface Gi01 is in.

sanjinb

0
Reply
1
0
Would love your thoughts, please comment.x
()
x