Refer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure?

Refer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure?

• The enable secret password is not configured on R1.
• The IT group network is included in the deny statement.
• The permit ACE specifies a wrong port number.
• The permit ACE should specify protocol ip instead of tcp.
• The login command has not been entered for vty lines.

Explanation: The source IP range in the deny ACE is 192.168.20.0 0.0.3.255, which covers IP addresses from 192.168.20.0 to 192.168.23.255. The IT group network 192.168.22.0/28 is included in the 192.168.20/22 network. Therefore, the connection is denied. To fix it, the order of the deny and permit ACE should be switched.

Exam with this question: CCNA 3 v7.0 Final Exam Answers
Exam with this question: CCNA 4 Chapter 4 Exam Answers
Exam with this question: CCNP Enterprise: Advanced Routing (Version 8.0) – Infrastructure Security and Management Exam