CCNA Access List Sim
Question
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
Switch>
Switch> ping 10.4.4.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.3,timeout is 2 seconds:
.U.U.U
Success rate is 0 percent (0/5)
Switch>
Switch> telnet 10.4.4.3
Trying 10.4.4.3 …
% Destination unreachable; gateway or host down
Switch>
Click the console connected to Router and issue the appropriate commands to answer the questions.
Answer and Explanation
Note: If you are not sure about Access-list, please read my Access-list tutorial. You can also download this sim to practice (open with Packet Tracer) here: http://www.9tut.com/download/9tut.com_CCNA_Access_List_Sim.pkt
For this question we only need to use the show running-config command to answer all the questions below:
Router>enable
Router#show running-config
Question 1:
Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?
A – Correctly assign an IP address to interface fa0/1
B – Change the ip access-group command on fa0/0 from “in” to “out”
C – Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D – Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E – Remove access-group 106 in from interface fa0/0 and add access-group 104 in
Answer: E
Explanation:
Let’s have a look at the access list 104:
The question does not ask about FTP traffic, so we don’t care about the first two lines. The 3rd line denies all telnet traffic and the 4th line allows ICMP traffic to be sent (ping). Remember that access list 104 is applied in the inbound direction, so the 5th line, “access-list 104 deny icmp any any echo-reply”, will not affect our ICMP traffic because the “echo-reply” message will be sent over the outbound direction.
Question 2:
What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?
A – Attempts to telnet to the router would fail
B – It would allow all traffic from the 10.4.4.0 network
C – IP traffic would be passed through the interface but TCP and UDP traffic would not
D – Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface
Answer: B
Explanation:
From the output of access-list 114, “access-list 114 permit ip 10.4.4.0 0.0.0.255 any”, we can easily understand that this access list allows all traffic (ip) from the 10.4.4.0/24 network.
Question 3:
What would be the effect of issuing the command access-group 115 in on the s0/0/1 interface?
A – No host could connect to Router through s0/0/1
B – Telnet and ping would work but routing updates would fail.
C – FTP, FTP-DATA, echo, and www would work but telnet would fail
D – Only traffic from the 10.4.4.0 network would pass through the interface
Answer: A
Explanation:
First let’s see what was configured on interface S0/0/1:
Recall that each interface only accepts one access-list, so when using the command “ip access-group 115 in” on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
B is not correct because if telnet and ping can work then routing updates can, too.
D is not correct because access-list 115 does not mention the 10.4.4.0 network. So the most reasonable answer is A.
But this raises a question…
The wildcard mask of access-list 115, which is 255.255.255.0, means that only hosts with IP addresses of the form x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address, so answer A, “no host could connect to Router through s0/0/1”, seems right…
But what happens if we don’t use a subnet mask of 255.255.255.0? For example, we can use an IP address of 10.45.45.0 255.255.0.0; a host with that IP address exists, and we can connect to the router through that host. Now answer A seems incorrect!
Please comment if you have any idea for this sim!
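The wildcard question raised above can be checked mechanically. This is an added example, not part of the original sim or this site's material: it applies Cisco's wildcard rule to the ACL 114 line quoted above and to an ACL 115 entry whose base address 0.0.0.0 is an assumption, since the page states only its wildcard 255.255.255.0. It matches on source address only (the destination in these entries is "any"), and the function names are illustrative.

```python
import ipaddress

def ip_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard rule: 0 bits must equal the base, 1 bits are ignored."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

def evaluate(acl, src):
    """Return the action of the first matching entry; no match means implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"

def permitted_hosts(acl, network):
    """Usable host addresses of `network` (network/broadcast excluded) the ACL permits."""
    net = ipaddress.ip_network(network)
    return [str(h) for h in net.hosts() if evaluate(acl, str(h)) == "permit"]

# Quoted on the page: access-list 114 permit ip 10.4.4.0 0.0.0.255 any
ACL_114 = [("permit", "10.4.4.0", "0.0.0.255")]
# Assumption: only the wildcard 255.255.255.0 of ACL 115 is on the page; base 0.0.0.0 is constructed.
ACL_115 = [("permit", "0.0.0.0", "255.255.255.0")]

if __name__ == "__main__":
    print(evaluate(ACL_114, "10.4.4.3"))   # source inside 10.4.4.0/24
    print(evaluate(ACL_114, "10.4.5.3"))   # source outside, falls to the implicit deny
    print(permitted_hosts(ACL_115, "10.4.4.0/24"))    # /24: no usable host ends in .0
    wide = permitted_hosts(ACL_115, "10.45.0.0/16")   # /16: x.x.x.0 can be a usable host
    print(len(wide), wide[:3], "10.45.45.0" in wide)
```

With a /24 the permitted set is empty, which supports answer A; with a /16 it is not, which is the ambiguity discussed above.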
ALL THE BEST GUYS
@Ashish, because you applied the access list on the interface outbound, you can therefore receive echo replies on the inbound.
its very helpful thanks 9tut
Can anyone please explain to me about Standard and Extend ACL.
I know that,
standard acl = inside source
extend acl = outside source.
But what it is the diff.
Could anyone please explain, thank you in advance.
the best everyone going for take CCNA EXAM
Hi john,
Standard access lists deny traffic based on addresses i.e., all the traffic is affected.
For example, all traffic from subnet 192.168.3.0/24 can be denied from reaching the host 10.2.2.1.
But in extended access lists, you can limit traffic based on protocol and service.
For example, you can limit only telnet requests from subnet 192.168.3.0/24 and allow other traffic.
You can see the difference in syntax too.
Hope this helped.
pass 1000/1000
share full acl1 acl2 eigrp and dump 120-200
https://www.youtube.com/watch?v=mzHBPOAWaCY&list=PLW2Xk7jJ5ZSoFn2G_x0ql_S5AlKvaDaOZ&index=1
mallocymar,
The host 10.45.45.0 255.255.0.0 could indeed connect, because in no case can 255.255.0.0 in an ACL be a subnet mask. You can put in whatever binary values you like and it will still be a wildcard mask, even if they look like a typical subnet mask.
Regards.
@vouchers
don’t use these vouchers, you can get a lifetime ban on all future cisco exams and nullification of all previous certifications.
BEWARE!!!!!!
hello guys iam going to do ccna iwant new dumps
https://www.youtube.com/watch?v=Q7cTJsVxebc&list=PLF3JXcGq4iLEYCucsr8acdiUvZ-AF198e&index=1
full lap sim acl1 acl2 eigrp and dump
passed today the exam with 1000/1000. just 3 LABs ACL 1, ACL 2 mod 3, Eigrp AS 12.
there are 4 question came up. Etherchannel, OSPF.. i didnt encounter the new simlet OSPF and EIGRP..
Passed today. ACL1 ACL2 EIGRP sims.
About Q3 My confusion:
If we assume the hosts on the network attached to the Serial interface, A is true because the network is class C.
If there are other networks with major class A and class B networks, hosts from these networks can access the router. For example, if we have a 10.0.0.0/8 network, hosts 10.0.1.0 to 10.255.255.0 are permitted. Ambiguous!
my exam pass today 972.Sims ACL, ACL2 different ip mode 3 and EIGRP AS112.
thanks 9tut and watson.
everybody good luck.
Passed My CCNA Last Week Wid Cent Percent..Muahh to 9tut..:-*
Tasted da victory..:) ol quesion frm 9tut..Pracs Acl1 Acl2(mod 3) nad eigrp..:)))!!!!!
Any Doubt dan Plz mail me @dj55255@gmail.com ….:)
Guys,
For ACL 1 sim, all we have to do is on the router write show running-config and answer 3 questions correct?
Please verify this ASAP!
Hi there, regarding Q1:
If we swap the ACL 106 from in to out we would accomplish ping and leave telnet blocked, so option B would be correct as well, right?
Passed my exam 3 labs ACL1, ACL2 and EIGRP
Hi! I’ve passed with score 1000. There was acl 1,2 and eigrp labs. I think that there was 1 new question about advantage of multi area ospf.
Hi Deepak jha & Serdar
Tell me about Lab: ACL, ACL 2 (mod3); what is mod3????
please anyone tell me
Irfa, mod3 means acl 2 modification 3.
acl..acl2 mod 3 eigrp .. zishan.sh96@yahoo.co.uk mail me if any one need help
This question was in today exam
Passed today 945/1000
Thanks to examtut.278q.vce,Watson.314q and 9tut simulations.
EIGRP LAB,ACL 1 and ACL 2 was there. Good luck everyone!!
Anyone have the latest dumps? Saleemmazyck@yahoo
hi guys, I have a question: the answers in multiple-choice questions don’t change, right? only the sims…
Thanks!!
Hello Mike,
The questions&answers may slightly change but the testing purpose behind each would remain the same,
Just make sure you understand each line of the acc list vs its impact when applied on a specific int/direction.
Don’t memorize questions&answers cz you can be surprised or lost !
Guys, the dumps seem to have been changed!! Labs which came were VTP, RIP, DHCP and ACL2,. :| all the best ppl. wasted 295 dollars.
The RIP nor VTP are a part of the current exam topics according to CISCO – http://www.cisco.com/web/learning/exams/list/ccna_composite2.html#~Topics
Is someone trying to mess with us ???
hi everyone
score today 903/1000
thks
@angy pls what were the sims you encountered in your exam?
@angy kindly tell us what were the simulations
keyZ and moustafa just relax i got 3 lab same thing as 9tut
eigrp,acl1 and acl2 for about dump same thing also watson mathieu no new
just practice well
Thank You 9TUT..!! Crazy story: In the middle of my CCNA exam today, (Eigrp Lab) the fire alarm went off in the building. Everyone had to evacuate. I lost 20 minutes off my exam time, but stayed calm and recovered, passed with a 920. Whew.! ACL1 and 2 (mod 3) and EIGRP. Dumps are for chumps, all you need is here…
Hi Guys,
While practicing the Access List Simulator (I have downloaded the .pkt file of this simulator), it is asking for a password to enter Privilege mode.
May I know how do we check?
@kk the password is “cisco”
Hello Guys, some of the exam takers mentioned about ACL mod 3 but I can’t seem to find that simulation.
Do you have any idea?
Also, when taking these simulations, do we have to modify the configurations on the device aside from just simply answering the questions by MCSA and MCMA?
Any helpful information is really appreciated.
Thank you.
Hello Guys, this CCNA Access List Sim valid in exam 14/11/2014
but use command show ip protocol in this lab and lab eigrp and lab CCNA Access List Sim 2 Because of that command NOT Active show running-config
can you use the commands to show routing and interface and ACL
SHOW RUNNING-CONFIG OR SHOW IP PROTOCOL OR SHOW IP ROUTE
I would like to know that in real exam this sim would come like multiple choice answer or we have to issue those actual commands from either connected console or in router ???? please make it clear for me.
Sincerely,
Just passed with score 986!!! Thanks 9tut!!! Watson dump is 100% valid. EtherChannel question was there today (speed mismatch). SIMs were ACL, ACL2 (MOD 3 Host A), EIGRP with change in IP. Important thing: especially concentrate on multiple choice questions, as the answer key order will be entirely changed, so try to understand the answers properly; else all very easy. Best of luck to you all. Last but not least, I came here (9tut) a little late. 9tut is really awesome for CCNA. With 9tut you can win the exam 100%!!!! Thank you for all your valuable comments here friends :-)…
Could anyone please let me know we have to answer multiple choice or run commands as well in exam for this sim.
Asif for ACL1 SIM just answer the multiple choice ..also type the sh run command from the topology
for ACL2 & EIGRP you need to change the router configurations using commands ..
All the very best ..
ACL2, ACL1 and EIGRP, same modification 3, only the same network, only change IP address. Thanks a lot 9tut <3
please tell me TAB and help command can be used in exam ?
passed today with 849/1000. Guys, had this SIM, but never ever try to memorize anything from the examples. Learn how configurations work. exam asks for different set of commands and ACLs to be configured. But the concept and the way to approach it is presented here. Best of luck from Orange County, California, USA
Passed 905/1000. Use Watson dump, acl questions and EIGRP. Good luck everyone
Hi guys. Just want to know how do we answer this ACL sim in real exam. Is it by clicking the bullets or changing the sim configuration?
how many points in the exam per lab sim?
passed today 986/1000
Watson dump
ACL1 , ACL2 , Eigrp
Best wishes to all