A single-line ACL has been added to a router configuration using the command ip access-list 1 permit 172.16.4.0 0.0.1.255. The configuration also includes the access-class 1 in command in VTY configuration mode. Which answer accurately describes how the router uses ACL 1?
- Hosts in subnet 172.16.4.0/23 alone can telnet into the router.
- CLI users cannot telnet from the router to hosts in subnet 172.16.4.0/23 alone.
- Hosts in subnet 172.16.4.0/23 alone can log in but cannot reach enable mode of the router.
- The router will only forward packets with source addresses in subnet 172.16.4.0/23.
Explanation: The ip access-class 1 in command enables ACL 1 for processing inbound Telnet and SSH connections into that router, based on the source IP address of those incoming packets. It has no impact on Telnet or SSH attempts from the router to some other host. It has no impact on a user later reaching enable mode. It also has nothing to do with filtering packets that would otherwise be routed through the router. Note that the ACL matches all packets whose source IP address is in subnet 172.16.4.0/23, which includes the range of numbers from 172.16.4.0 to 172.16.5.255.
Please login or Register to submit your answer