Q: Matching Port Numbers with ACLs 1
#CCNA ACL questions can uncover your weaknesses even without a long, complicated list of requirements to place in a single ACL. In fact, my “Acing the CCNA Exam” live course on Safari spends about 10 minutes on ACL port matching as one of its top 10 common mistakes. In preparation for the upcoming Feb 8th edition of the course, I’ve added this new question. Enjoy.
Question:
Which answer lists an ACL command that would permit all unencrypted web traffic from the web servers on the left of the figure to the subnet of the web clients on the right, assuming router R1 enables the ACL on its G0/1 interface in the input direction?
- access-list 101 permit ip 172.16.16.0 0.0.7.255 172.16.4.0 0.0.3.255 eq www
- access-list 101 permit tcp 172.16.16.0 0.0.7.255 172.16.4.0 0.0.3.255 eq www
- access-list 101 permit ip 172.16.16.0 0.0.7.255 eq www 172.16.4.0 0.0.3.255
- access-list 101 permit tcp 172.16.16.0 0.0.7.255 eq www 172.16.4.0 0.0.3.255 eq www
- access-list 101 permit tcp 172.16.16.0 0.0.7.255 eq www 172.16.4.0 0.0.3.255
The answer post should appear in a few days. As always, the answer link sits at the bottom of this page, just above where the comments begin.
access-list 101 permit tcp 172.16.16.0 0.0.7.255 eq www 172.16.4.0 0.0.3.255
We would like to permit www traffic from servers to clients, so direction on interface Gi01 is in.
sanjinb
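To check entries like these against a concrete packet, here is an added example (not from the post or the commenter): a small Python model of extended-ACL matching covering only the syntax used in the question. The host addresses and the client's ephemeral port are assumptions, since the figure is not reproduced here, and the parser is a simplification, not IOS's own.

```python
import ipaddress

PORT_NAMES = {"www": 80}  # IOS keyword for TCP port 80

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_ace(line):
    """Parse 'access-list N ACTION PROTO SRC WILD [eq P] DST WILD [eq P]'."""
    tok = line.split()
    proto, i, sides = tok[3], 4, []
    for _ in range(2):  # source first, then destination
        net, wild, port = to_int(tok[i]), to_int(tok[i + 1]), None
        i += 2
        if i < len(tok) and tok[i] == "eq":
            if proto not in ("tcp", "udp"):
                raise ValueError("port match requires tcp or udp, not " + proto)
            port = PORT_NAMES.get(tok[i + 1]) or int(tok[i + 1])
            i += 2
        sides.append((net, wild, port))
    return {"proto": proto, "src": sides[0], "dst": sides[1]}

def side_matches(side, addr, port):
    net, wild, want_port = side
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (to_int(addr) & care) == (net & care) and want_port in (None, port)

def evaluate(line, pkt):
    """True/False = packet matches or not; None = entry is not valid syntax."""
    try:
        ace = parse_ace(line)
    except ValueError:
        return None
    return (ace["proto"] in ("ip", pkt["proto"])
            and side_matches(ace["src"], pkt["src"], pkt["sport"])
            and side_matches(ace["dst"], pkt["dst"], pkt["dport"]))

# Constructed packet: a server's HTTP reply heading to a client's ephemeral port.
PACKET = {"proto": "tcp", "src": "172.16.16.10", "sport": 80,
          "dst": "172.16.4.20", "dport": 49152}

CANDIDATES = [  # the five entries from the question, in order
    "access-list 101 permit ip 172.16.16.0 0.0.7.255 172.16.4.0 0.0.3.255 eq www",
    "access-list 101 permit tcp 172.16.16.0 0.0.7.255 172.16.4.0 0.0.3.255 eq www",
    "access-list 101 permit ip 172.16.16.0 0.0.7.255 eq www 172.16.4.0 0.0.3.255",
    "access-list 101 permit tcp 172.16.16.0 0.0.7.255 eq www 172.16.4.0 0.0.3.255 eq www",
    "access-list 101 permit tcp 172.16.16.0 0.0.7.255 eq www 172.16.4.0 0.0.3.255",
]

def results():
    return [evaluate(c, PACKET) for c in CANDIDATES]
```

Calling `results()` returns one verdict per candidate in question order; changing `sport` or `dport` in `PACKET` shows which side of the entry each `eq www` is tested against.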