What would be the effect of issuing the command access-group 115 in on the s0/0/1 interface?

What would be the effect of issuing the command access-group 115 in on the s0/0/1 interface?

ACL (exhibit):

show running-config (exhibit):

show running-config 2 (exhibit):

show running-config 3 (exhibit):

What would be the effect of issuing the command access-group 115 in on the s0/0/1 interface?

ACL (exhibit):

show running-config (exhibit):

show running-config 2 (exhibit):

show running-config 3 (exhibit):

A.
No host could connect to Router through s0/0/1

B.
Telnet and ping would work but routing updates would fail.

C.
FTP, FTP-DATA, echo, and www would work but telnet would fail

D.
Only traffic from the 10.4.4.0 network would pass through the interface

Explanation:
First lets see what was configured on interface S0/0/1:

Recall that each interface only accepts one access-list, so when using the command ip access-group 115 in on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
B is not correct because if telnet and ping can work then routing updates can, too.
D is not correct because access-list 115 does not mention about 10.4.4.0 network. So the most reasonable answer is A.

But here raise a question

The wildcard mask of access-list 115, which is 255.255.255.0, means that only host with ip addresses in the form of x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address so the answer A: no host could connect to Router through s0/0/1 seems right

But what will happen if we dont use a subnet mask of 255.255.255.0? For example we can use an ip address of 10.45.45.0 255.255.0.0, such a host with that ip address exists and we can connect to the router through that host. Now answer A seems incorrect!



Leave a Reply 2

Your email address will not be published. Required fields are marked *


Luis Cifer

Luis Cifer

missing exhibit