What is the result of applying this access control list?

IT Questions BankCategory: CCNPWhat is the result of applying this access control list?
What is the result of applying this access control list? 1ITExamAnswers Staff asked 1 month ago
Question:
What is the result of applying this access control list?

ip access-list extended STATEFUL
10 permit tcp any any established
20 deny ip any any
  • A. TCP traffic with the URG bit set is allowed
  • B. TCP traffic with the SYN bit set is allowed
  • C. TCP traffic with the ACK bit set is allowed
  • D. TCP traffic with the DF bit set is allowed

Explanation: The established keyword is only applicable to TCP access list entries to match TCP segments that have the ACK and/or RST control bit set (regardless of the source and destination ports), which assumes that a TCP connection has already been established in one direction only. Let’s see an example below:

What is the result of applying this access control list? 2

Suppose you only want to allow the hosts inside your company to telnet to an outside server but not vice versa, you can simply use an “established” access-list like this:

access-list 100 permit tcp any any established
access-list 101 permit tcp any any eq telnet
!
interface S0/0
ip access-group 100 in
ip access-group 101 out

More Questions: CCNP 350-401 Dumps


Related Articles