CCNA Access List Sim
Question
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
Switch>
Switch> ping 10.4.4.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.3,timeout is 2 seconds:
.U.U.U
Success rate is 0 percent (0/5)
Switch>
Switch> telnet 10.4.4.3
Trying 10.4.4.3 …
% Destination unreachable; gateway or host down
Switch>
Click the console connected to Router and issue the appropriate commands to answer the questions.
Answer and Explanation
Note: If you are not sure about Access-list, please read my Access-list tutorial. You can also download this sim to practice (open with Packet Tracer) here: http://www.9tut.com/download/9tut.com_CCNA_Access_List_Sim.pkt
For this question we only need to use the show running-config command to answer all the questions below:
Router>enable
Router#show running-config
Question 1:
Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?
A – Correctly assign an IP address to interface fa0/1
B – Change the ip access-group command on fa0/0 from “in” to “out”
C – Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D – Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E – Remove access-group 106 in from interface fa0/0 and add access-group 104 in
Answer: E
Explanation:
Let’s have a look at the access list 104:
The question does not ask about FTP traffic, so we don’t care about the first two lines. The 3rd line denies all telnet traffic and the 4th line allows ICMP traffic to be sent (ping). Remember that access list 104 is applied in the inbound direction, so the 5th line “access-list 104 deny icmp any any echo-reply” will not affect our ICMP traffic because the “echo-reply” message will be sent in the outbound direction.
Question 2:
What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?
A – Attempts to telnet to the router would fail
B – It would allow all traffic from the 10.4.4.0 network
C – IP traffic would be passed through the interface but TCP and UDP traffic would not
D – Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface
Answer: B
Explanation:
From the output of access-list 114, “access-list 114 permit ip 10.4.4.0 0.0.0.255 any”, we can easily see that this access list allows all traffic (ip) from the 10.4.4.0/24 network.
Question 3:
What would be the effect of issuing the command access-group 115 in on the s0/0/1 interface?
A – No host could connect to Router through s0/0/1
B – Telnet and ping would work but routing updates would fail.
C – FTP, FTP-DATA, echo, and www would work but telnet would fail
D – Only traffic from the 10.4.4.0 network would pass through the interface
Answer: A
Explanation:
First let’s see what was configured on interface S0/0/1:
Recall that each interface only accepts one access-list, so when using the command “ip access-group 115 in” on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
B is not correct because if telnet and ping can work then routing updates can, too.
D is not correct because access-list 115 does not mention the 10.4.4.0 network. So the most reasonable answer is A.
But this raises a question…
The wildcard mask of access-list 115, which is 255.255.255.0, means that only hosts with IP addresses in the form of x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address, so the answer A: “no host could connect to Router through s0/0/1” seems right…
But what will happen if we don’t use a subnet mask of 255.255.255.0? For example, we can use an IP address of 10.45.45.0 255.255.0.0; a host with that IP address exists, and we can connect to the router through that host. Now answer A seems incorrect!
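How the two source clauses quoted above (access-list 114 in Question 2 and access-list 115 in Question 3) are evaluated bit by bit, as an added Python example that is not part of the original sim or its answer key. The sample source addresses are constructed, and the "ip" protocol keyword and the destination "any" are left out because they match every packet.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit means "ignore this bit",
    a 0 bit means "must equal the same bit in base"."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must be compared
    return (a & care) == (b & care)

# Source clauses exactly as quoted on the page: (action, source, wildcard)
ACL_114 = [("permit", "10.4.4.0", "0.0.0.255")]
ACL_115 = [("permit", "0.0.0.0", "255.255.255.0")]

def evaluate(acl, src):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"

def is_host_address(addr, netmask):
    """True when addr is neither the network nor the broadcast address
    of the subnet it falls in under the given netmask."""
    net = ipaddress.IPv4Network(f"{addr}/{netmask}", strict=False)
    ip = ipaddress.IPv4Address(addr)
    return ip != net.network_address and ip != net.broadcast_address

if __name__ == "__main__":
    # Constructed sample sources, not taken from the sim's topology
    samples = ["10.4.4.3", "10.45.45.1", "10.45.45.0", "192.168.1.0", "0.0.0.1"]
    for src in samples:
        print(f"{src:<12} ACL114={evaluate(ACL_114, src):<6} "
              f"ACL115={evaluate(ACL_115, src)}")
    # 10.45.45.0 is a network address under /24 but an ordinary host under /16
    print(is_host_address("10.45.45.0", "255.255.255.0"))
    print(is_host_address("10.45.45.0", "255.255.0.0"))
```

With access-list 115 only the last octet is compared, so every source that does not end in .0 falls through to the implicit deny.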
Please comment if you have any idea for this sim!
I will take this exam after 8 hours. I will feed you back if any changes in Q.
I hope to pass this exam with whole score
Hello everyone,
I have a question about Q3- shouldn’t we use wildcard mask for the access-list? How come for access-list 115 they used regular subnet mask???
Very confusing question!
I guess answer A is the most reasonable.
And one more thing- what is the purpose of 0.0.0.0 subnet when typed in the example for ACL 115???
I have cleared my CCNA exam and it’s been a whole month but still I haven’t received my certification card or certificate which Cisco shipped usually .. please help me out in this regard.
my email is alihabib91@gmail.com
Hello
Does anyone have an idea when they will change the versions?
At the last paragraph, it is written that “But what will happen if we don’t use a subnet mask of 255.255.255.0? For example we can use an ip address of 10.45.45.0 255.255.0.0, such a host with that ip address exists and we can connect to the router through that host. Now answer A seems incorrect!” but I am confused here about the two words “subnet mask”, because I think it should be the wildcard mask instead.
Hi guys, on 26th Dec 2014, I passed my CCNA 200-120 exam 1000/1000. Almost all questions from the dumps which I purchased, EIGRP (23). ACL 1 multiple choice question, no need to configure anything, and ACL 2 with configuration. And I also know which questions come from dumps.
Anyone wanna dumps, I have it, but at some cost, coz it’s latest purchased dumps, all the questions came from this.
networkingenginer@gmail.com
03449021480
Hi this is Shailesh,
I am planning to write my CCNA R&S exam on this Monday i.e 5th Jan 2015,
If anyone has written the exam recently and passed, Please forward me the dumps that you guys have referred to pass the exam, to my email.
my email id is: shailx4@gmail.com
Thank You for Helping.
Hey guys, 4 students passed the exam 916/1000, 945/1000, 1000/1000, 992/1000 and my dumps are valid, anyone wants it contact me on my email or cell phone number #03449021480.
best of luck
can you send me the latest dumps? You have my thanks. jclsantos617@gmail.com
I cleared the exam yesterday with a score of 1000/1000. Most of the questions were asked from Watson dumps and the simulations were access list 1 and 2, Eigrp(no passive-interface for the ISP interface). New questions that I got were 1)SNMP v2 encryption – I choose md5
2)Etherchannel – DTP validation 3)OSPF process identifier is local.Thanks a lot 9tut.
I have all valid dumps for January-March CCNA exam from VCE watson with lot of other materials. Please email me cyrus_dgreat2001@yahoo.com
Hey Guys,
Could you please help me out here? I got a tip from a friend that the CCNA pattern is going to change very soon… Could you please verify…
Thank you in advance.
same dumps for december watson 314 question in 2015 or not ???
please tell us as am having my test on friday :)
Hi,
I’m about to take the exam by 3rd week or end of January, I would really appreciate if you guys could send me the materials/dumps that helps you pass the exam. Here’s my mail – donvhienice@gmail.com
Please help me. Thanks a lot!
Hi, I’m about to take the exam by 3rd or end of January, same as Vhienice above, I would really appreciate if you guys could forward/send me the materials/dumps that could help me pass the exam. Here’s my mail – zgjimkk@gmail.com
Thanks a lot.
Latest dumps pls. smartboiii@hotmail.com
Hi guys, I am scheduled for my CCNA exams end of Jan. Please, if you have any current dumps that can assist in my preparation, I would highly appreciate it. My email is mkabeireho@gmail.com
Thanks
Hi I’m doing my CCNA this Friday. Any dumps to help reassure me that I will not completely fail would be great. My email is meca822@gmail.com
Thanks
Staff this laboratory is falling in the actual exam? Have any change?
Thanks
Hi everyone,
I am taking my CCNA exam this Friday. Could anyone share the new dump with me? I would highly appreciate it.
My mail is: ovigo73@gmail.com
Thanks in advance.
Hi everyone, can someone please update me on the EIGRP sim coz I’m writing on the 9th of Jan
Can someone please forward me the dumps? I’m taking test early Feb. Please. My email is: chemguy90@yahoo.com
I passed the exams yesterday. The only problem I encountered was that this lab had some errors and so some commands were not being accepted like configure terminal. Thanks to 9tut.
About the problem described at the bottom part by the person who posted the SIM – See the help screen capture of the ACL 115 and the following assumption:
RouterC(config)#access-list 115 permit ip ?
A.B.C.D Source address
any Any source host
host A single source host
RouterC(config)#access-list 115 permit ip 0.0.0.0 ?
A.B.C.D Source wildcard bits
RouterC(config)#access-list 115 permit ip 0.0.0.0 255.255.255.0 ?
A.B.C.D Destination address
any Any destination host
host A single destination host
RouterC(config)#access-list 115 permit ip 0.0.0.0 255.255.255.0 any ?
dscp Match packets with given dscp value
precedence Match packets with given precedence value
RouterC(config)#access-list 115 permit ip 0.0.0.0 255.255.255.0 any
RouterC(config)#
In my opinion this network (0.0.0.0/8 – class A Subnet-Zero) and wildcard 255.255.255.0 (A very strange one, since normally wildcards match the inverse of a Mask…) I have to be honest and say this is the first time I see a wildcard like this one, but I have been searching and checking the rules of creating Wildcards and, as opposed to Masks/SubnetMasks, it doesn’t say anything about the order in which a wildcard can match a value with binary 1s or 0s. In summary it seems wildcards don’t follow the same rule as IP Masks, that you never could put a binary zero before (at left of) a binary one. So my understanding, since IOS permits this kind of wildcard at the ACL command line, and the logical meaning of this Address/Wildcard combination in this case, is telling me it could mean:
[From the whole IP addressing (Class A B and C) only matches the last 256 addresses of subnet 0.0.0.0 (0.0.0.1 until 0.0.0.254 host) and since no one uses this addressing in real life (in spite of IP SUBNET-ZERO being enabled by default since IOS 12 release on) it would mean everything is denied except 254 hosts of the first Subnet Zero from IPv4 addressing that nobody could use. Or the other interpretation "You are permitting only a short unusable range".] Don’t you think so?
BR Claudio
In fact if you connect a router in the Serial0/0/1 and change the ACL from 102 in to 115 in you will get that:
Previous to do the change:
Router#ping 10.45.45.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.45.45.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/9/19 ms
… and after doing the change:
Router#ping 10.45.45.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.45.45.1, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
Additionally consider you can configure an IP from the range 0.0.0.0. See this:
RouterC#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RouterC(config)#int s0/0/1
RouterC(config-if)#ip address 0.0.0.1 255.255.255.0
Not a valid host address – 0.0.0.1
RouterC(config-if)#
So the facts are telling to me:
A – No host could connect to Router through s0/0/1
is the correct one.
Thanks and regards.
Dear John!
Could u tell me which dumps are you using?
I download some dumps from examcollection but not sure about they maybe change in 2015!
Could u give me some info plz?
just want to know guys if there is any changes in the question in this sim? or just the same?
thanks guys!
Is this Sim for ICND1 exam ???
Pihappy, I think the old ones are still valid. I mainly used 9tut.
Hi friends.
I am going to take Ccna exam in the month of Feb. So please give me the latest dumps qun. Rajasekar.0099@gm
Regarding the above explanation ,
Simply put, the reason question #3’s answer is in fact A is because the “wildcard” mask that is given is in fact not a wildcard mask, it is a subnet mask, which makes the access list invalid and would block all traffic.
I’m going to take the exam soon. Any references for exam 200-120? Please email me to laughingsue@gmail.com
can you send me the latest dumps? You have my thanks.
abdallaheissa2012@gmail.com
Hi, Can you send me the latest dumps of 200-120 at atmega128a1@hotmail.com thx.
would anyone pls send me the latest dumps : boss.hug1988@gmail.com Pls . i’ll take the exam 15th feb 15.
Latest CCNA 200-120 dumps 316 Questions & Answers including all labs available.
316 question dumps are 100% valid. I already purchased that, If you need, email me
azeemsarwar1@hotmail.com
Salam great colleagues, pls kindly mail me the latest dumps, my exam is on the 30th of this month. bash3267@gmail.com.
Please Please requesting the latest 200-120 dumps really need it folks please I am pleading please
jasoncarrorig@gmail.com
Hi every one,
I am doing my exam after 48 hours. Can anyone please confirm the answer of question 2, is it A or B? In pass4sure it says the answer is B.
Please help, email me on cisco_tech@hotmail.co.uk. Thanks
@RC, could you post the source or paper where it says that it is valid to use a subnet mask in the place of a wildcard mask?
Sourced from the IOS help:
RouterC(config)#access-list 115 permit ip 0.0.0.0 ?
A.B.C.D Source wildcard bits
RouterC(config)#access-list 115 permit ip 0.0.0.0 255.255.255.0 ?
A.B.C.D Destination address
any Any destination host
host A single destination host
I passed the exam 2 hours ago
Thanks 9tut
Thanks everyone who helped
ACL lab Q1 & Q2 in the exam
and other questions from Watson dump 314
Passed today 1/28. Acl Acl2 Eigrp. All the answers are here on 9tut. No need for the dumps
29th, Alhamdullah. Score passed 94%
This one came on exam today :)
dumps: http://ccnalearn.cf/downloads.html
Pass4sure Latest 316 Q&A CCNA 200-120 dumps in PDF available. I already purchased that, if you need email me. zain.cisco@hotmail.com
Alhumdullah. I’ve cleared exam today 945/1000 ACL1, ACL2, (mod3) EIGRP 122 in exam AS 22 Dumps Watson, Matthew, examtut thanks to 9tut….
Please can someone send me Watson dumps and VCE I’m having the exam on friday
evil_lord_@hotmail.com
much appreciated <3
Zain could u please mail me the dumps at pawan.salunke@hotmail.com
Dear Ozee,
Please help us to get pass the exam,