ACL question

[niqd]

ACL Question


This was a drag and drop question.

access-list 107 deny tcp 207.16.12.0 0.0.3.255 any eq http
access-list 107 permit ip any any

Which below are permitted and which are not?

1) source IP 207.16.32.14 destination application http
2) sourse IP 207.16.15.9 destination port 23
3) source IP 207.16.14.7 destination port 80
4) source IP 207.16.13.14 destination application http
5) source IP 207.16.16.14 destination port 53

The answer is apparently #1 and #2 are permitted 3,4,5 are not.

# 1 is permited because it is not covered by the first line of the access-list. The second line permits it.
# 2 is permitted because it is not going to http or port 80. the second line permits it.


# 3 and #4 are blocked by the first line of ACL

Why is # 5 blocked?

Thanks
Nick

 

[jeter]

The range for your question is

207.16.12.0 thru 207.16.15.255 for HTTP (port 80) only deny.

All other should be allowed....

Some people are like slinkies. Not really good for anything but they bring a smile to your face when pushed down the stairs.


Tek-TIP Member 19,650

 

[NahRamp2]

Can someone provide a pretty good and detailed explanation of why the 5th one would be block. Hell, how about just going over why each is being blocked. Only thing i noticed is that some of the ip's match the wildcard portion in the 3rd oct.

 

[CiscoGuy33]

NahRamp2,

ACL 107 "as listed" is NOT going to block #5 because #5 is going to port 53

As jeter listed above ACL 107 is blocking -
207.16.12.0 thru 207.16.15.255 for HTTP (port 80) only "deny".

access-list 107 permit ip any any - lets EVERYTHING else in!

FYI - many practice test questions can have WRONG answers depending on who put the information together and how they got the information being used!

Hope this helps!



E.A. Broda
CCNA, CCDA, CCAI, Network +

 

[thecrow123456]

to summarize...
5) source IP 207.16.16.14 destination port 53
is PERMITTED.

(applause)