Access List
rivanfrank
Member Posts: 9 ■□□□□□□□□□
in CCNA & CCENT
Hi Everyone,
I'm confused with this question, i thought letter A is the correct answer, because it was already denied in line 30.
Thanks.
I'm confused with this question, i thought letter A is the correct answer, because it was already denied in line 30.
Thanks.
Comments
-
Prog Snob Member Posts: 57 ■■□□□□□□□□I may be mistaken but it looks like the question is regarding traffic coming FROM the internet and line 30 of the access list pertains to data going TO the internet. It would be better to see the photo of the network maybe.
-
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Prog Snob is right. Answer C is correct because all of the entries show traffic sourced from the internal network not TO the internal network. As a result, the list will be processed from top to bottom, and since there's no "permit" that would match traffic destined to the 172 network it would be implicitly denied.
Remember, ACL entries are written as such with reference to this problem:
10 deny [PROTOCOL] [SOURCE ADDRESS] [SOURCE MASK] [DESTINATION ADDRESS] [DESTINATION MASK] [DESTINATION PORT]
So the ACL entries in question are showing traffic sourced from the 172.16.0.0 network, which is incorrect since traffic is coming from the internet. Your confusion lies in the syntax of extended ACL's it appears.