Networking - Security - Discussion

Discussion :: Security - Security (Q.No.11)

11. 

You configure the following access list:

access-list 110 deny tcp 10.1.1.128 0.0.0.63 any eq smtp
access-list 110 deny tcp any eq 23
int ethernet 0
ip access-group 110 out
What will the result of this access list be?

[A]. Email and Telnet will be allowed out E0.
[B]. Email and Telnet will be allowed in E0.
[C]. Everything but email and Telnet will be allowed out E0.
[D]. No IP traffic will be allowed out E0.

Answer: Option D

Explanation:

If you add an access list to an interface and you do not have at least one permit statement, then you will effectively shut down the interface because of the implicit deny any at the end of every list.

Knk said: (Jul 10, 2017)  
But first, we must enter this to deny telnet from any host to any host.

Access-list 110 deny TCP any eq 23 (not this "access-list 110 deny tcp any eq 23" I guess).

Acc 110 per ip.

Post your comments here:

Name *:

Email   : (optional)

» Your comments will be displayed only after manual approval.