ITExamAnswers Staff asked 5 months ago
Question:
What is the result of applying this access control list?
ip access-list extended STATEFUL 10 permit tcp any any established 20 deny ip any any
- A. TCP traffic with the URG bit set is allowed
- B. TCP traffic with the SYN bit set is allowed
- C. TCP traffic with the ACK bit set is allowed
- D. TCP traffic with the DF bit set is allowed
Explanation: The established keyword is only applicable to TCP access list entries to match TCP segments that have the ACK and/or RST control bit set (regardless of the source and destination ports), which assumes that a TCP connection has already been established in one direction only. Let’s see an example below:
Suppose you only want to allow the hosts inside your company to telnet to an outside server but not vice versa, you can simply use an “established” access-list like this:
access-list 100 permit tcp any any established access-list 101 permit tcp any any eq telnet ! interface S0/0 ip access-group 100 in ip access-group 101 out
More Questions: CCNP 350-401 Dumps
Please login or Register to submit your answer