12-09-2009 11:14 PM - edited 03-06-2019 08:54 AM
Examine the figure. You want to configure an access list that would permit everyone on the 172.16.0.0/16 network to access resources on the 172.18.0.0/16 network but deny everyone else. You configure the following access-list:
access-list 1 permit 172.16.0.0 0.0.255.255
A) Apply it inbound on RouterA's Ethernet 0 interface
B) Apply it outbound on RouterA's Ethernet 1 interface
C) Apply it inbound on RouterB's Ethernet 1 interface
D) Apply it inbound on RouterC's Ethernet 1 interface
E) Apply it outbound on RouterC's Ethernet 0 interface
Which one is correct?
12-09-2009 11:44 PM
Hello,
for me the correct one would be RB eth0 outbound but I don't see it on the available options.
172.18.0.0/16 is connected to RB so using ACLs on RC has no effect.
if applied inbound on RB ethernet1 it would be a partial achievement because it cannot process traffic coming from RC for example (if eth1 connects to RA)
C is the best of the available options
Here, we need to point out that standard ACLs match on source address regardless that they are applied inbound or outbound.
being standard ACL it should be applied nearest to destination to be specific in action
Hope to help
Giuseppe
12-10-2009 12:07 AM
Tomorrow I will sit for the CCNA Exam, I was trying to solve a question paper from a reputed auther. In my point of view, the best available answer is the option "C". But author described it as E.
Thanks for your reply, Now I am sure, my concepts are not wrong. Lots of answers are there for which my concept differs from the answer described by the auther. I think I should ignore them and focus on my book.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide