CCNA Access List Sim
Question
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
Switch>
Switch> ping 10.4.4.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.3,timeout is 2 seconds:
.U.U.U
Success rate is 0 percent (0/5)
Switch>
Switch> telnet 10.4.4.3
Trying 10.4.4.3 …
% Destination unreachable; gateway or host down
Switch>
Click the console connected to Router and issue the appropriate commands to answer the questions.
Answer and Explanation
Note: If you are not sure about Access-list, please read my Access-list tutorial. You can also download this sim to practice (open with Packet Tracer) here: http://www.9tut.com/download/9tut.com_CCNA_Access_List_Sim.pkt
For this question we only need to use the show running-config command to answer all the questions below:
Router>enable
Router#show running-config
Question 1:
Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?
A – Correctly assign an IP address to interface fa0/1
B – Change the ip access-group command on fa0/0 from “in” to “out”
C – Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D – Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E – Remove access-group 106 in from interface fa0/0 and add access-group 104 in
Answer: E
Explanation:
Let’s have a look at the access list 104:
The question does not ask about FTP traffic, so we don’t care about the first two lines. The 3rd line denies all telnet traffic and the 4th line allows ICMP traffic to be sent (ping). Remember that access list 104 is applied in the inbound direction, so the 5th line “access-list 104 deny icmp any any echo-reply” will not affect our ICMP traffic, because the “echo-reply” message will be sent in the outbound direction.
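The reasoning above as a small first-match model (an added example, not part of the original sim). ACL 106 is the single line quoted in the comments below; for ACL 104 only lines 3 to 5 are modelled, and the wording of line 4 ("permit icmp any any echo") is an assumption based on the explanation. The traffic list is constructed.

```python
# Added example: first-match evaluation of an ACL applied inbound on fa0/0.
# Entries are (action, protocol, message/service); all use "any any".
ACL_106 = [("permit", "icmp", "echo-reply")]
ACL_104 = [
    ("deny", "tcp", "telnet"),        # 3rd line: deny all telnet
    ("permit", "icmp", "echo"),       # 4th line (assumed wording): allow ping requests
    ("deny", "icmp", "echo-reply"),   # 5th line: deny echo replies
]

def evaluate(acl, proto, kind):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, e_proto, e_kind in acl:
        if e_proto == proto and e_kind == kind:
            return action
    return "deny"  # every ACL ends with an implicit "deny any any"

def inbound_result(acl, packets):
    """An inbound ACL is consulted only for packets arriving on the interface."""
    result = {}
    for name, direction, proto, kind in packets:
        if direction == "in":
            result[name] = evaluate(acl, proto, kind)
        else:
            result[name] = "not checked"
    return result

# Constructed traffic on fa0/0 when the switch pings and telnets the router.
TRAFFIC = [
    ("ping request from switch", "in", "icmp", "echo"),
    ("ping reply from router", "out", "icmp", "echo-reply"),
    ("telnet from switch", "in", "tcp", "telnet"),
]

if __name__ == "__main__":
    for label, acl in (("106", ACL_106), ("104", ACL_104)):
        print("access-group", label, "in:")
        for name, verdict in inbound_result(acl, TRAFFIC).items():
            print(f"  {name}: {verdict}")
```

With 106 the echo request falls through to the implicit deny, so ping fails; with 104 the request is permitted, telnet is still denied, and the reply leaves outbound without ever being compared to line 5.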
Question 2:
What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?
A – Attempts to telnet to the router would fail
B – It would allow all traffic from the 10.4.4.0 network
C – IP traffic would be passed through the interface but TCP and UDP traffic would not
D – Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface
Answer: B
Explanation:
From the output of access-list 114: “access-list 114 permit ip 10.4.4.0 0.0.0.255 any”, we can easily see that this access list allows all traffic (ip) from the 10.4.4.0/24 network.
Question 3:
What would be the effect of issuing the command access-group 115 in on the s0/0/1 interface?
A – No host could connect to Router through s0/0/1
B – Telnet and ping would work but routing updates would fail.
C – FTP, FTP-DATA, echo, and www would work but telnet would fail
D – Only traffic from the 10.4.4.0 network would pass through the interface
Answer: A
Explanation:
First let’s see what was configured on interface S0/0/1:
Recall that each interface only accepts one access-list, so when using the command “ip access-group 115 in” on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
B is not correct because if telnet and ping can work then routing updates can, too.
D is not correct because access-list 115 does not mention the 10.4.4.0 network. So the most reasonable answer is A.
But this raises a question…
The wildcard mask of access-list 115, which is 255.255.255.0, means that only hosts with IP addresses of the form x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address, so answer A: “no host could connect to Router through s0/0/1” seems right…
But what will happen if we don’t use a subnet mask of 255.255.255.0? For example, we can use an IP address of 10.45.45.0 255.255.0.0; a host with that IP address can exist, and we can connect to the router through that host. Now answer A seems incorrect!
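The wildcard arithmetic behind this question, as an added example (not part of the original sim). The ACL 115 source address 0.0.0.0 is taken from a reader comment below and is an assumption; the candidate addresses are the ones discussed on this page.

```python
# Added example: Cisco wildcard-mask matching versus subnet-mask host validity.
import ipaddress

def wildcard_match(acl_addr, wildcard, candidate):
    """A 0 bit in the wildcard means "must match"; a 1 bit means "ignore"."""
    a = int(ipaddress.IPv4Address(acl_addr))
    w = int(ipaddress.IPv4Address(wildcard))
    c = int(ipaddress.IPv4Address(candidate))
    care = ~w & 0xFFFFFFFF          # bits the ACL entry actually compares
    return (a & care) == (c & care)

def is_usable_host(address, netmask):
    """True if the address is neither the network nor the broadcast address."""
    iface = ipaddress.IPv4Interface(f"{address}/{netmask}")
    net = iface.network
    return iface.ip not in (net.network_address, net.broadcast_address)

# ACL 115 as discussed: wildcard 255.255.255.0 (source 0.0.0.0 is assumed).
ACL_115 = ("0.0.0.0", "255.255.255.0")
# ACL 114 as quoted on this page: permit ip 10.4.4.0 0.0.0.255 any
ACL_114 = ("10.4.4.0", "0.0.0.255")

def admitted(acl, address, netmask):
    """A source gets through only if it is a real host AND the entry matches it."""
    return is_usable_host(address, netmask) and wildcard_match(*acl, address)

if __name__ == "__main__":
    cases = [
        ("10.4.4.3", "255.255.255.0"),    # the switch-side address from the question
        ("10.45.45.0", "255.255.255.0"),  # x.x.x.0 on a /24: the network address
        ("10.45.45.0", "255.255.0.0"),    # x.x.x.0 on a /16: an ordinary host
    ]
    for addr, mask in cases:
        print(addr, mask,
              "| ACL 115:", admitted(ACL_115, addr, mask),
              "| ACL 114:", admitted(ACL_114, addr, mask))
```

Only the last octet is compared under wildcard 255.255.255.0, so 10.45.45.0 with a /16 mask is both a usable host and a match, while the same address on a /24 is the network address and cannot be a source host.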
Please comment if you have any idea for this sim!
about Question 3:
What I know is that a wildcard mask is used instead of a subnet mask for the ACL. So, the syntax of the ACL is wrong, and that is the reason that no host could connect to the Router through S0/0/1.
So, the answer is A.
any idea? please let me know.
HEY GUYS PLEASE ANSWER ME WHAT ARE THE LATEST LABS EXAM ON THE CCNA 200-120 ?? BECAUSE MY EXAM IS ON AUG. 30 THANKS IN ADVANCE <3
please can someone tell me if this lab still valid, I’m preparing to take my ICND2 next week
Thank artety12 :)
On your question – what will happen if we don’t use a subnet mask of 255.255.255.0 but for example an ip address of 10.45.45.0 255.255.0.0?
I’d say in this situation B is the correct answer.
Routing updates won’t work because of their multicast addresses, but ping and telnet from host 10.45.45.0 will work.
Confirm for me that 10.45.45.0 255.255.0.0 is a valid host address? with a dot zero?!?
PC>ipconfig /all
FastEthernet0 Connection:(default port)
Physical Address…………….: 00E0.A369.3A4D
Link-local IPv6 Address………: ::
IP Address………………….: 10.45.45.0
Subnet Mask…………………: 255.255.0.0
Default Gateway……………..: 10.45.0.1
DNS Servers…………………: 0.0.0.0
DHCP Servers………………..: 0.0.0.0
Can someone plz pretty plz send me the latest dump for ccna 200-120 Thank you muchos muchos I have the test tomorrow eeek !!! valerod267@gmail.com
passed my CCNA today with perfect score 1000/1000
51 questions , labs ACL ACL2 and EIGRP
@9tut you are the man thank you God bless
plus 200-120 actual tests
folks just keep on practicing and believe in yourself
good luck
i’m going to take the CCNA exam this month.
I pray they will not change the LAB.
ALL THE PEOPLE THAT GOT 1000/1000. PLEASE STOP POSTING YOUR 1000/1000 LIKE THIS, BECAUSE IF CISCO SAW IT THEY WILL MAKE THE EXAM HARDER. PLEASE STOP. thank you
one can only apply one access list per interface per direction???
can i apply two acl on the same interface but one is inband and the other outband ??
Thank you 9tut…. ALL THE QUESTIONS FROM THIS WEBSITE……..SIMS ( ACL 1 , ACL 2 , EIGRP)
EIGRP WITH AS NUMBER 23 …… ACL 2 MOD 4
9 TUT ROCKSSSSSSSSSS
ı just didnt get it does question have 2 part or 1part that include 3 subquestion?do we have to confıgure some command?
i have passed my ccna exam with 1000 on ist of September.
This simulation was present with no modification .
9tut is best for ccna exam.
All question was from 9tut.
Hi…what is lastest valid dumb???
please can somebody send me the latest dump for ccna 200-120
I want to write my exam next week. email me: yanickiass@yahoo.fr
Can anybody provide me the link of VCE palyer as i am not able to play VCE files from exam collection
Hy.. could you guys send me the latest dump for CCNA on constantin.ovidiu@ymail.com thanks
salam alikoum,
here is the link :with 287 questions
http://www.4shared.com/file/AEzIShq6ba/CiscoActualtests200-120CCNAv20.html?locale=fr
HI, i will pass my ccna exam in two weeks and i wonder I there are some ospf sims. thanks
Hello friends,
I passed today exam 972/1000, Thanks to 9tut, Watson. EIGRP AS 112,ACL and ACL 2 modification 3.
congratz @Nurul .. :)
plz can anyone explain question 1 as the two ACLs will permit ping and disables telnets so why we change it ???
@basant: the 106 list only permits echo reply to enter the interface fa0/0 (remember it’s applied in the inbound direction), so this means that it will deny other ICMP messages and so it will block the ping (echo request). However, the 104 list (also applied in the inbound direction) will permit the echo request coming in on fa0/0 (from the switch in this case), so when the router receives the echo request it will reply to the ping (the rule deny icmp echo-reply will not have an effect here because it will deny echo replies coming TO fa0/0 and not those FROM it). I hope this explanation is clear :)
Passed the exam yesterday with score 972 ,, studied from 9tut and watson dump ,,, sims were ACL1 , ACL2 and EIGRP,, thanks 9tut and good luck for all passing the exam ,,for any help contact me on abdohanafy@gmail.com
Please anyone help me….How do i answer ACL sim questions? is it MCQ select best answer…or need to any correction in Router??
Please anyone help me…how could I study SIMULATION….is it simply understand MCQ question and just answer to best one….
can some please share the dumps for 200-120 to gomeze87@gmail.com.
thanks
kamrul
salam alikoum , yes you must choose the best answese after this it’s like the qcm
you must check the box to the right answer
http://www.bubblews.com/news/7026831-cisco-ccna
does this question need any configuration or not ?
thank you
can someone send me the latest dump for ccna 200-120 to hemnath25@yahoo.com?
Hi is possibile that you learned 300+ questions of theory plus all possibile questions and answers on ACL 1,2 and EIGRP lab at the same time ? I don’t think is phisically possibile. Please share some experience !
Please i need a working VCE 1.1.2
hello everybody… im planning to tke the exam nextweek… but i cant hardly understand this LAb can anyone pls elaborate it to me? thanks… i can ping but i cant telnet… tnx in advance… alfechekurt@gmail.com… my email
What are people referring to when they say ACL mod 2 or mod 3? which modifications? Please share
.
This was on exam today. Exact same
Hi friends i am taking exam on next week, can any one send me latest dump pls. at naiduyadla2010@gmail.com, pls..!
if any one need latest dumps send us a working g mail id with password on
game.rose@hotmail.com
I passed today, got 900/100
I had acl, acl2 and eigrp labs
Eigrp was also the same, simple changes (ip addresses and eigrp 2). Passive interface command was on R1 and ISP link. Don’t remove it!
and was no network on isp router
This simulation was present with no modification
shakanii@hotmail.com
pls send the latest ccna dumps… hemnath25@yahoo.com
just done the exams 1 hr ago and passed 945.its easy and 9tut is enough to make you pass
labs eigrp.acl1 and acl2 mod 3
passed my exam today.ACL,ACL 2(mod 3). EIGRP1 etherchannel question.most questions came from watson.thanku 9tut.
im gonna take exam 18th sept. are there any new question please share experience?
Hello friends… Go to ccnalearn.cf to know all about ccna / dumps / exam problems / new questions.. etc all for free.
Hope it helps all to learn and clear ccna 200-120 exam. http://www.ccnalearn.cf
What is the difference between echo and echo-reply ? why “access-list 106 permit icmp any any echo-reply” won’t let switch’s ping to reply back ??
when i applied “access-list 110 deny icmp any any echo-reply” on interface fa 0/0 out i was able to get ping reply .. why is that ???
The host 10.45.45.0 255.255.0.0 wouldn’t connect because the wildcard mask 0.0.0.0 255.255.255.0 asks to insist on the fourth octet, while the first three octets can take any value 0 through 255! So 255.255.255.0 is not a subnet mask but defines the octet to be evaluated by the ACL.
??