Implement, verify and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network

These questions are based on 642-816 – Interconnecting Cisco Networking Devices Part 2.


Objective: Implement, verify and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network
Sub-Objective: Describe the purpose and types of access control lists


Single Answer, Multiple Choice


Which access list will permit all HTTP sessions to subnet 192.168.144.0/24 containing Web servers?



  A. access-list 110 permit udp any 192.168.144.0 eq 80
  B. access-list 10 permit tcp 192.168.144.0 255.255.255.0 eq www
  C. access-list 110 permit tcp any 192.168.144.0 0.0.0.255 eq 80
  D. access-list 10 permit udp any 192.168.144.0 255.255.255.0 eq 80

Answer:
C. access-list 110 permit tcp any 192.168.144.0 0.0.0.255 eq 80


Tutorial:
The access-list 110 permit tcp any 192.168.144.0 0.0.0.255 eq 80 command is syntactically correct. HTTP sessions to the destination subnet 192.168.144.0/24 need to be permitted, so an extended IP access list is required. Access list number 110 is in the range of extended IP access lists. All HTTP sessions are permitted because the source address is any, and the destination address 192.168.144.0 with wildcard mask 0.0.0.255 covers the whole 192.168.144.0/24 subnet.


The command access-list 110 permit udp any 192.168.144.0 eq 80 is incorrect because a wildcard mask is not provided for the subnet. In addition, HTTP uses TCP, not UDP.


Access list number 10 is in the range of standard IP access lists, which filter traffic on the basis of the source IP address only. These access lists cannot permit or deny traffic for a destination network such as 192.168.144.0/24. Standard IP access lists also cannot filter traffic on the basis of Layer 4 protocol, whether TCP or UDP.
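The reasoning above can be checked mechanically. The following is an added example, not part of the original question or of Cisco IOS: a small Python model that classifies each candidate by its list number, applies wildcard-mask matching, and tests an HTTP packet against it. The function names and the packet addresses used with it are assumptions made for illustration.

```python
import ipaddress

PORTS = {"www": 80}  # IOS port keyword that appears in the second option

def acl_type(number):
    """Numbered IP ACLs: 1-99/1300-1999 standard, 100-199/2000-2699 extended."""
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        return "standard"
    if 100 <= number <= 199 or 2000 <= number <= 2699:
        return "extended"
    raise ValueError("not an IP access list number")

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 0 must match; bits set to 1 are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def take_addr(tokens):
    """Consume 'any' or '<address> <wildcard>' ('host' is not modelled)."""
    if tokens[:1] == ["any"]:
        tokens.pop(0)
        return ("0.0.0.0", "255.255.255.255")
    if len(tokens) < 2 or tokens[1].count(".") != 3:
        raise ValueError("address without a wildcard mask")
    return (tokens.pop(0), tokens.pop(0))

def permits_http(line, src, dst):
    """True if the entry is an extended ACL line permitting TCP/80 src -> dst."""
    tokens = line.split()
    number, action, proto = int(tokens[1]), tokens[2], tokens[3]
    if acl_type(number) != "extended":
        return False  # standard lists filter on source address only
    rest = tokens[4:]
    try:
        s, d = take_addr(rest), take_addr(rest)
    except ValueError:
        return False  # e.g. the first option: no wildcard mask for the subnet
    port = PORTS.get(rest[1], rest[1]) if rest[:1] == ["eq"] and len(rest) == 2 else None
    return (action == "permit" and proto == "tcp" and str(port) == "80"
            and wildcard_match(src, *s) and wildcard_match(dst, *d))

# The four candidate entries from the question, in the order listed.
OPTIONS = [
    "access-list 110 permit udp any 192.168.144.0 eq 80",
    "access-list 10 permit tcp 192.168.144.0 255.255.255.0 eq www",
    "access-list 110 permit tcp any 192.168.144.0 0.0.0.255 eq 80",
    "access-list 10 permit udp any 192.168.144.0 255.255.255.0 eq 80",
]
```

Calling permits_http on each entry of OPTIONS with a constructed packet such as source 203.0.113.7 and destination 192.168.144.25 returns True only for the third entry.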


Reference:
CCNA Self-Study CCNA ICND Exam Certification Guide, Chapter 12: IP Access Control List Security, pp. 439-440.

cmadmin
