Acess-List

Unanswered Question
Dec 9th, 2009

Examine the figure. You want to configure an access list that would permit  everyone on the 172.16.0.0/16 network to access resources on the 172.18.0.0/16  network but deny everyone else. You configure the following access-list:


access-list 1 permit 172.16.0.0 0.0.255.255

ACL.JPG

A)     Apply it inbound on RouterA's Ethernet 0 interface

B)     Apply it outbound on RouterA's Ethernet 1 interface

C)     Apply it inbound on RouterB's Ethernet 1 interface

D)     Apply it inbound on RouterC's Ethernet 1 interface

E)     Apply it outbound on RouterC's Ethernet 0 interface

Which one is correct?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Wed, 12/09/2009 - 23:44

Hello,

for me the correct one would be RB eth0 outbound but I don't see it on the available options.

172.18.0.0/16 is connected to RB so using ACLs on RC has no effect.

if applied inbound on RB ethernet1 it would be a partial achievement because it cannot process traffic coming from RC for example (if eth1 connects to RA)

C is the best of the available options

Here, we need to point out that standard ACLs match on source address regardless that they are applied inbound or outbound.

being standard ACL it should be applied nearest  to destination to be specific in action

Hope to help

Giuseppe

abhijit379 Thu, 12/10/2009 - 00:07

Tomorrow I will sit for the CCNA Exam, I was trying to solve a question paper from a reputed auther. In my point of view, the best available answer is the option "C". But author described it as E.

Thanks for your reply, Now I am sure, my concepts are not wrong. Lots of answers are there for which my concept differs from the answer described by the auther. I think I should ignore them and focus on my book.

Actions

This Discussion