You would like to deny Network 1 (shown in the following figure) from accessing the Internet. Where would be the most efficient location to apply the access list ?
access-list 75 deny 172.16.60.0 0.0.0.255
access-list 75 permit any
A. On the Homer router, Fa0/0 inbound
B. On the Homer router, Fa0/0 outbound
C. On the Homer router, S0/0 inbound
D. On the Homer router, S0/0 outbound
E. On the Marge router, S0/1 inbound
F. On the Marge router, S0/1 outbound
G. On the Marge router, S1/0 inbound
H. On the Marge router, S1/0 outbound
Answer :
F. When applying standard access lists, it's always best to apply them closest to the destination. Because they can only permit or deny based on the source address, placing them too close to the source might allow or deny too much access. For example, if the access list were placed on the Fa0/0 port of the Homer router, Network 1 would not be able to access any resources on the network. All other answers are incorrect because they are not the closest to the Internet destination
Search Here
Sunday, June 29, 2008
Question : CCNA
Posted by vinoth at 8:44 AM
Labels: CCNA Questions
Subscribe to:
Post Comments (Atom)
Posts
0 Comments:
Post a Comment