CCNA Access List Sim
Question
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
Switch>
Switch> ping 10.4.4.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.3,timeout is 2 seconds:
.U.U.U
Success rate is 0 percent (0/5)
Switch>
Switch> telnet 10.4.4.3
Trying 10.4.4.3 …
% Destination unreachable; gateway or host down
Switch>
Click the console connected to Router and issue the appropriate commands to answer the questions.
Answer and Explanation
Note: If you are not sure about Access-list, please read my Access-list tutorial. You can also download this sim to practice (open with Packet Tracer) here: http://www.9tut.com/download/9tut.com_CCNA_Access_List_Sim.pkt
For this question we only need to use the show running-config command to answer all the questions below
Router>enable
Router#show running-config
Question 1:
Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?
A – Correctly assign an IP address to interface fa0/1
B – Change the ip access-group command on fa0/0 from “in” to “out”
C – Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D – Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E – Remove access-group 106 in from interface fa0/0 and add access-group 104 in
Answer: E
Explanation:
Let’s have a look at the access list 104:
The question does not ask about ftp traffic so we don’t care about the two first lines. The 3rd line denies all telnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the access list 104 is applied on the inbound direction so the 5th line “access-list 104 deny icmp any any echo-reply” will not affect our icmp traffic because the “echo-reply” message will be sent over the outbound direction.
Question 2:
What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?
A – Attempts to telnet to the router would fail
B – It would allow all traffic from the 10.4.4.0 network
C – IP traffic would be passed through the interface but TCP and UDP traffic would not
D – Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface
Answer: B
Explanation:
From the output of access-list 114: access-list 114 permit ip 10.4.4.0 0.0.0.255 any we can easily understand that this access list allows all traffic (ip) from 10.4.4.0/24 network
Question 3:
What would be the effect of issuing the command access-group 115 in on the s0/0/1 interface?
A – No host could connect to Router through s0/0/1
B – Telnet and ping would work but routing updates would fail.
C – FTP, FTP-DATA, echo, and www would work but telnet would fail
D – Only traffic from the 10.4.4.0 network would pass through the interface
Answer: A
Explanation:
First let’s see what was configured on interface S0/0/1:
Recall that each interface only accepts one access-list, so when using the command “ip access-group 115 in” on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
B is not correct because if telnet and ping can work then routing updates can, too.
D is not correct because access-list 115 does not mention about 10.4.4.0 network. So the most reasonable answer is A.
But here raise a question…
The wildcard mask of access-list 115, which is 255.255.255.0, means that only host with ip addresses in the form of x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address so the answer A: “no host could connect to Router through s0/0/1” seems right…
But what will happen if we don’t use a subnet mask of 255.255.255.0? For example we can use an ip address of 10.45.45.0 255.255.0.0, such a host with that ip address exists and we can connect to the router through that host. Now answer A seems incorrect!
Please comment if you have any idea for this sim!
Other lab-sims on this site:
Hey Every one Passed my ccna exam today….. Got 989
Labs were ACL,Acl2,EIGRP….
In Acl we just have to use Show Running-config command and select the correct answers for the three questions..
In Acl2 permit host c web access for financial web server and no other host and host c could not access finance web server , and permit every thing else… in the serial interface which connects to the core router had wrong ip address and i changed it
In EIGRP same as hear no passive interaface and default network errors were found..
I used EXAMTUT and Mathew’s dumps and from 9tut…All the questions were from hear and the dumps which i studied
Thank YOU 9TUT AND EXAMTUT AND MAthews
Didnt strained too much …. just relaxed and under stood the topics …. The EXAM is Just a Piece of CAKE if u have under stood the topics….
Cheers Every One …. Alll the best…
my exam will b held on 27th but my preprations is not well..so give me any suggestions
guys! Im about to take my exam next month. Can I have latest dumps for CCNA 200-120? Also all the simulations included on that exam. Thanks guys! justinoamparoiii18@gmail.com
can you please send me the dumps to my email my exam on 5 june my email maher_cud@live.com
i will expect do my exam on 30th may please sent new dumps to me ranganab@live.com
Thanks to 9tut
Just passed my exam with 980 score. This sim was in todays exam
hi Guys! please please please send me a copy of the latest dumps you got. i will take the exam soon and i need all the materials i can review! thanks in advance! godbless us all! we all rocks! here’s my email: marsonsing@gmail.com
I have passed today 100/1000 Acl1,Acl2 and Eigrp .
Thanks 9tut and exam collection
hi Guys! please send me a copy of the latest dumps you got. i will take my exam soon and i need all the materials i can review! thanks for your help
my email is: hassan092011@gmail.com
can you please send me the dumps to my email my exam on 5 june my email rajk7860@gmail.com
This was on my exam today.
Exactly the same as it is here in 9tut
@Bashir & Aravind : Is the ACL- 1 Sim same as here ??
@Aravind: Is it required to change the ip for Serial interface which connects to core network??
kindly reply on a high priority..my xam is on tomorrow..
Guys i passed 927 pts :)
ACL, ACL2 and EIGRP no surprises.. exact the same as the lab sims from here… ip addresses changed only…
i was getting worried more about the theory…
i didnt read none of this topics:
New CCNA – HSRP VRRP GLBP
New CCNA – SNMP Questions
New CCNA – NetFlow Questions
New CCNA – Syslog Questions
you should read them well cause there are like 10 questions of these topics.. cant tell u exactly which ones but its not that much info… be sure to read them at least once
any question feel free to contact me on fb Cheko.Mnz … i’ll be happy to help them in whatever i can
my exam on 3/6/2014 need dumps
ASAP
@Sergio very happy to knw you have passed…my turn now :)
I cracked up the question 3, the thing is that ‘access-group 115 in’ is not a valid command. Should be ‘ip access-group 115 in’, thus s0/0/1 will keep 102 access-list in place. In that case, answer C will be correct.
@9tut
what would you say for @anon answer??
I think @anon is ryt.. any discussions ?
@Sergio
Congrats Sir!!! cheers!
Anyway, I would like to asked about on how did you managed to answer the EIGRP sim? like, did you bother to solved regarding the connectivity issues between R1 and the ISP? and also did you see any passive interfaces between routers?
Hi, i will expect do my exam on 30th may please sent new dumps to me
here’s my email 9tut mharvinguina417@gmail.com
please give me a new CCNA 200-120 Sim and i will try to review all thanks
alot… godbless us
hi I have ccna exam on 9th of june so please send the latest dumps. …email: praveenrock48@gmail.com..
I have a question, are you suppose to configure the lab or is it a multiple choice question, not
sure what to do with in packet tracer?
@9tut
please send latest dumps to andrew.mccoy37@gmail.com exam on 6/10 thank you so much
did you pass drew?
@anon, as you can see if u type show ip int br, s0/0/1 is administratively down, so the answer is simple, just A. In the other hands, C is not correct because we can telnet through s0/0/0.1. Sorry for my bad english.
Passed yesterday , scored 986. Labs were eigrp ACL1 and 2 with 2 midification, all questions from 9tut.
Hi Guys, Max, PLEASE send me a copy of VCE/crack so am able to read the dumps at allcertif@yahoo.com.
Thanks
congrats to me!!!!!! I passed today with 945
Today I passed the exams with 917 .. Labs were ACL1, ACL2 and EIGRP with little change…. Watson dumps… 100 %… 9TUT Zindabad ,,,,,,,,,,,,,,,,,,,,,,,,,,,Love u……………………..
cleared CCNA with the score of 1000/1000, it was so easy
anyone need dumps or other helping material email me at elegance_96@live.co.uk
I have passed today 1000/1000 Acl1, Acl2 and Eigrp
Even I used Testking engine in my preparation I got useful information on 9tut
Thanks
CANADA
passed my CCNA exam today, thank God
thanks to this site, one of the best CCNA learning sites,
short, sweet and concise
(netacad can be overwhelmingly overloaded with information, some redundant)
sims were EIGRP, ACL 1, ACL 2
9tut and watson
Hello All,
Cleared my exam on 20th June 2014, 986/1000,
thanks to 9tut :)
Dumps i referred – Matthew, waston, examtut(All qiestions are from dumps only – total 51quest)
Labs i got in exam – ACL, ACL2 and EIGRP
Regards,
Keep rocking :p
*******************************************************
PLZ HELP!!!!!!!!!
Can someone plz send me the latest dump?!?!??!?!?!?
shlomi_star2@hotmail.com
******************************************************
I have just started Preparation for CCNA EXAM. Can someone please send me the latest dumps at kmadriver@hotmail.com
Thanks 9tut, i passed with 1000 (yesterday 25 juny 2014)
All questions of 9tut and lab sim : acl,acl2 and eigrp
The same acl lab in my exam
To mosin cancle ur exam
I cleared the exam today, thanks to 9tut :3 awesome web site, all the questions where from 9tut!!!
The labs too, i got the ACL, ACL2 and EIGRP’s lab.
Thank to 9tut and nesrine my fiance who helped me a lot!!!
‘passed my CCNA exam yesterday with a score of 972.
i’ve never been so happy :)) well anyways…
The exam has 51 questions. Labs were:
ACL1 – same as here at 9tut
ACL2 – it was a modification 3 (got wrong in 2nd syntax, so my suggestion is to read CAREFULLY in every instructions on this one and use the appropriate modification)
EIGRP – a slight change in topology, with an AS# of 12 (accg to my exp, instead of adding a network in Router1, you have to replace the wrong network by the network given in Router1)
these are things that helped me a lot:
Training Center, CBTNuggets Tutorials by Jeremy, 9tut (much appreciated! ^_^), Watson, Matthew & P.Tracer
I hope this helps :)
________________________________________________________________________
“Nothing great was ever achieved without enthusiasm.”
- Ralph Waldo Emerson
on monday i’m going to take exam,hope i’m confident
excuse me is this ACL1 sim ?
i know that the range of ACL1 are from 1-99
but in this sim is more than 100 that mean extended ACL , is it right ?
please help me
Hi someone please help me with a good site information which contains multiple labs practice examples on Routing Switching and MPLS.
My mail id is nagasheshu.2010@gmail.com
Thanks in advance.
This Sim was there for my exam
Guys you should download dumps and many other helping materials from
[( a d f . l y / o 7 b a 3 )]
Its a direct and safe download and the download speed is ultra high.
Also the dumps is super easy to download.
Enjoy.?
@9tut is ther s any modification qustn s available for acl 1?
@Ranjith: No, there is no modification for this sim.
Hi there, can anyone help me to send the dumps at satish91.sm@gmail.com? Appreciate it , thx
Guys you should download dumps and many other helping materials from
[ a d f . l y /o 7 b a 3 ]
Its a direct and safe download and the download speed is ultra high.
Also the dumps is super easy to download.
Enjoy.?
hi friends please can some one help me send the new dumps to wavanyinyako@gmail.com.
thank you.