Hi everyone! I'm reviewing ACLs for the CCNA. I had a question in the practice certification exam # 1 in cisco.netacad asking me to block telnet in three statements with an extended ACL. I answered this:
access-list 100 deny tcp any any eq telnet
access-list 100 permit ip any any
The placement of the ACL was OK, but I didn't get any points for configuration. I didn't put the "deny any any" statement because I thought it was already included with the implicit deny, but to get out of doubt, I took it again and added the last statement. Again, I did not get any points for the configuration of the ACL. I have three routers connected by serial ports and the last one connected to the internet through a serial port also. All routers have an Ethernet interface. To block telnet from the networks connected to the last router, and also from the internet, I place the ACL outbound in the fa0/0.
Now, my question is, should I use "any any" in the statements? I believe that the only reason I'm not getting these points is because they want me to summarize the networks or something. Also, I don't know whether to include the "deny any any" statement or not. I will be taking the ICND 2 and I'm pretty sure I will see this on the test. Can someone please help me understand what they are asking me? Please... Thank you very much.
Probably what they wanted you to do was the following:
ip access-list extended BLOCK_TELNET
 deny tcp any any eq telnet
 permit ip any any
I do not know what the exact statement of the question is, but you can give it a try.
I guess you may need to apply that ACL to an interface or VLAN so that it takes effect, and that would be the correct answer.
Please do rate if the given information helps.
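The question of whether an explicit final deny changes anything can be checked by modelling how IOS evaluates an extended ACL: top-down, first match wins, with an implicit deny at the end. The sketch below is an added example, not part of either post; it only understands the "any any" entries used in this thread, the third statement is assumed to be "deny ip any any", and the sample packets are constructed.

```python
# Minimal model of IOS extended-ACL evaluation: entries are checked top-down,
# the first match decides, and an implicit "deny ip any any" ends every list.
# Assumption: only "any any" source/destination forms are modelled.
TELNET = 23

def parse(line):
    """Parse '[access-list N] {permit|deny} {ip|tcp|udp|icmp} any any [eq PORT]'."""
    tok = line.split()
    if tok[0] == "access-list":
        tok = tok[2:]                      # drop 'access-list <number>'
    action, proto, src, dst = tok[:4]
    if (src, dst) != ("any", "any"):
        raise ValueError("only 'any any' entries are modelled")
    port = None
    if len(tok) >= 6 and tok[4] == "eq":
        port = TELNET if tok[5] == "telnet" else int(tok[5])
    return action, proto, port

def evaluate(acl_lines, proto, dport=None):
    """Return (action, index of matching entry); index None = implicit deny."""
    for i, line in enumerate(acl_lines):
        action, a_proto, a_port = parse(line)
        proto_ok = a_proto in ("ip", proto)          # 'ip' matches every protocol
        port_ok = a_port is None or a_port == dport
        if proto_ok and port_ok:
            return action, i
    return "deny", None

def hit_counts(acl_lines, packets):
    """Count matches per entry, like the counters in 'show access-lists'."""
    hits = [0] * len(acl_lines)
    for proto, dport in packets:
        _, idx = evaluate(acl_lines, proto, dport)
        if idx is not None:
            hits[idx] += 1
    return hits

# The two statements from the question, then the same list with an explicit
# final deny appended (assumed form of the poster's "deny any any").
TWO_LINE = ["access-list 100 deny tcp any any eq telnet",
            "access-list 100 permit ip any any"]
THREE_LINE = TWO_LINE + ["access-list 100 deny ip any any"]

# Constructed sample traffic: telnet, HTTP, DNS, ICMP.
PACKETS = [("tcp", 23), ("tcp", 80), ("udp", 53), ("icmp", None)]

if __name__ == "__main__":
    for name, acl in (("two-line", TWO_LINE), ("three-line", THREE_LINE)):
        print(name, [evaluate(acl, p, d)[0] for p, d in PACKETS], hit_counts(acl, PACKETS))
```

Both lists give identical verdicts for every packet, and the third entry never records a hit because "permit ip any any" matches everything that reaches it.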