Refer to the exhibit and the following configuration. Which statement correctly describes how Router1 processes packets with this configuration?
Router1(config)# access-list 201 deny icmp 192.168.1.0 0.0.0.255 any Router1(config)# access-list 201 deny icmp 192.168.2.0 0.0.0.255 any Router1(config)# access-list 201 permit any any Router1(config)# access-list 101 deny tcp any 192.168.1.0 0.0.0.255 eq 8080 Router1(config)# access-list 101 deny tcp any 192.168.1.0 0.0.0.255 eq 80 Router1(config)# access-list 101 deny icmp any 192.168.1.0 0.0.0.255 Router1(config)# access-list 101 deny icmp any 192.168.2.0 0.0.0.255 Router1(config)# access-list 101 permit ip any 192.168.1.0 0.0.0.255 Router1(config)# access-list 101 permit ip any 192.168.2.0 0.0.0.255 Router1(config)# interface serial 0/0/0 Router1(config-if)# ip access-group 101 in Router1(config-if)# ip access-group 201 out
- Traffic exiting interface serial 0/0/0 is filtered by both ACL 101 and ACL 201.
- If a packet entering interface serial 0/0/0 matches a condition in ACL 101, the router continues comparing the packet to the rest of the statements in ACL 101 to make sure that no other statements might apply.
- Router1 compares packets entering interface serial 0/0/0 first to all the ACL 101 statements for the IP protocol and then to all the ACL 101 statements for the ICMP protocol.
- A packet entering interface serial 0/0/0 is compared to each statement in ACL 101 until one statement matches the packet. Then the router drops or forwards the packet without considering the remaining statements in ACL 101.
Explanation: ACL statements are executed in sequential order. The packet is evaluated against each statement in the ACL, from the top down, one statement at a time. After the packet matches a statement, the packet is forwarded or dropped, and the remaining statements are not examined.
Exam with this question: EWAN v4 Chapter 5 Check Your Understanding: Access Control Lists
Please login or Register to submit your answer