Question:
A network administrator is configuring an IPv6 ACL to deny Telnet access from all staff in the branch office to a file server in home office. All branch office staff use addressing from the IPv6 subnet 2001:DB8:100:20::/64. The file server in home office uses the address 2001:DB8:100:50::15/64. Implementing the No-Telnet ACL on the LAN interface of the branch office router requires which three commands? (Choose three.)
- permit tcp any host 2001:DB8:100:20::15 eq 23
- deny tcp host 2001:DB8:100:50::15 any eq 23
- deny tcp any host 2001:DB8:100:50::15 eq 23
- permit ipv6 any any
- deny ipv6 any any
- ip access-group No-Telnet in
- ipv6 traffic-filter No-Telnet in
Explanation: The ACL requires an ACE denying Telnet access from all users in the LAN to the file server at 2001:DB8:100:50::15/64. The IPv6 ACL also has an implicit deny, so a permit statement is required to allow all other traffic. With IPv6, the ipv6 traffic filter command is used to bind the ACL to the interface.
Exam with this question: CCNP ENARSI 8 Modules 21 - 23 Checkpoint Exam: Infrastructure Security and Management Exam
Please login or Register to submit your answer