CCNA Access List Sim

@9tut
will save the link for future use, thanks

@9tut: It’s about your comment to Q3:

“But here raise a question…

The wildcard mask of access-list 115, which is 255.255.255.0, means that only host with ip addresses in the form of x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address so the answer A: “no host could connect to Router through s0/0/1” seems right…

But what will happen if we don’t use a subnet mask of 255.255.255.0? For example we can use an ip address of 10.45.45.0 255.255.0.0, such a host with that ip address exists and we can connect to the router through that host. Now answer A seems incorrect!

Please comment if you have any idea for this sim!”

Answer A will be incorrect only for another ip address mask of S0/0/1 interface i.e. for mask 255.x.0.0 then x<255 (0, 128, 192, 224, 240, 248, 252, 254)
But in our case IP address of s0/0/1 is 10.45.45.1/24 so answer A will be correct and for mask 255.255.0.0 in the ACL 115.

process of elimination:
A – No host could connect to Router through s0/0/1
if the host is on 10.0.0.0/23 then 10.0.1.0 could connect…
if the host is on 10.0.0.0/8 then 10.200.250.0 could connect…
any kind of traffic allowed to come in from those IPs
weird option, but this is the only one left standing

B – Telnet and ping would work but routing updates would fail.
telnet would work (no ACL applied to VTY lines)
ping would work from 10.0.1.0/23 (for example)
not a passive interface, it would receive routing updates. invalid option.

C – FTP, FTP-DATA, echo, and www would work but telnet would fail
all traffic is allowed to come in, telnet is no exception. invalid option.

D – Only traffic from the 10.4.4.0 network would pass through the interface
well, actually 10.4.4.0 is the only IP permitted to go in and that’s the network ID on this case. no way a host would have it as its IP. invalid option.

i think option A should better be changed from:
“No host could connect to Router through s0/0/1″ to
“Not all hosts could connect to Router through s0/0/1″…

weird question, weird answer

I think we have to remember about “Occam’s razor” and choose an answer for the network on the picture. It’s a small network with private IP addresses and only 3 networks connected to the router:
F0/0 – 10.4.4.0/24
S0/0/0.1 – 10.140.3.0/24
s0/0/1 – 10.45.45.0/24
And in this case – option “A” is correct.
If we’ll have more complex network an answer “A” will be incorrect too.

hi everybody!
I’ll pass ccna next week, if anyone has the latest dumps please send it to me hind.honey@yahoo.fr
thank you

SO does dat mean dat the original subnet mask for access-list 115 was 0.0.0.255 which i have never seen before?

hello everyone my exam on 19 oct please tell me which sims should i go for & please tell me about any modification in the exam

9tut please upload modified sims

i have studied acme 486 vce & 9 tut sims
is this enough
please tell thanks in advance

Do we have to correct the configuration during the exam?

I passed my CCNA today.. Thanks to 9tut and examcollection

hey all about the last qus.. here he wrote the the access list 115 assuming the addrissing scope that he have this simulation have the addresses :
1- 172.16.4.0/24
2-10.145.145.0/24
3-10.4.4.0/24
4-10.140.3.0
5-10.15.15.0/24

all of them are claas are subnetted with 255.255.255.0 so the WCM is 0.0.0.255 then when we use the 0.0.0.0 255.255.255.0 in ACL this means IGNORE the 255′s OCT’s and look in the 0′s oct’s and we all know that if we have a claas (C ) ip address we cant assign for example 192.168.1.0/24 for a host so the answer is A :D

Understand Access Control Lists.

http://www.info-it.net/cisco/ccna/Baisc-Access-List.html

For Q3, ans A is correct as we cant have 2 “INBOUND” acls on an interface….102 gets overwritten by 115 and 115 allows a n x.x.x.0 address which is not possible as it is a network address and cant be assigned to a host.Thumbs up for 9tut :]

For the sake of sanity, guys, STOP saying that a host address ending in 0 is not valid!!!

xallax, and others above him, did show you clear enough that any host which is part of a network with a netmask equal or less than /23, CAN have the last octet with a 0 value!

@lydia: wilcard masks shouldn’t be thought as necessarily having to have an inverse that makes a valid subnet mask. This approach is true only when translating subnet mask -> wildcard mask, but not the other way around.

Wildcard masks can be used to select discontinuous ranges of IP addresses.

E.g. a wildcard mask of 0.0.0.254 will select every second IP address in a /24 range.
A wildcard mask of 0.0.254.255 will select every second /23 network in a given range (it will be the even or the odd value of the 3rd octet depending on the IP address that’s in front of the wildcard mask).

There are even much more complex examples of discontiguous IP ranges which are selectable by wildcard masks, so while a simple wildcard mask can be derived by inversing a subnet mask, the vice-versa is not always true.

Hey guys I dont know why you argue about Q3, it is all correct.

ACL says: permit ip 0.0.0.0 255.255.255.0 any
meaning those first three octets can be anything and the last one has to be 0.

If we look under serial 0/0/1 interface we see that it has IP address of 10.45.45.1. and subnet mask of 255.255.255.0, meaning that a host to be possible to transmit data to this interface must be in same subnet (must have first three octet 10.45.45 and last one octet, a valid IP host address 1-253).

Due to fact our access list says last octet has to be 0, even though first three can match 10.45.45, last one is invalid (because it is subnetwork address), and we all know that is not valid host address to send to interface serial 0/0/1.

I hope i helped-

“For example we can use an ip address of 10.45.45.0 255.255.0.0, such a host with that ip address exists and we can connect to the router through that host. Now answer A seems incorrect!”

Again you won’t be able to access s0/0/1 not because of the access list, but because the host will be on different subnet than the interface.

If you put them on the same subnet then you’ll need another answer which will state that all hosts with ip addresses that satisfy the condition ip= x.x.x.0/16 and that are not network or broadcast will access the router.

Thankxxx Guysssss……..

@9tut,
Do you have .pka and .pkt files that are compatible with Packet Tracer version 4.1? I would love to run your simulations but i have an older version of packet tracer. If yes, please send to krs828@yahoo.com

TIA, /KRS

this site is extremely helpful to pass the CCNA exam. Thank you guys for all the sims and questions on this site. just go through all the sims and the 665q dumbs.. study the sims and concept mainly.. you learn a lot from these questions and thus you can handle almost any ccna question from the enhanced knowledge you get through these dumbs and sims. my advice is to use these material positively to enhance your knowledge and thus help yourself to pass CCNA. GOD bless!!

@KRS: It’s a pity we don’t have older version of these sims.

@krs
you can visit this forum and get some info regarding the latest version of packettracer
http://www.certprepare.com/forum/index.php?showtopic=1664

Dears
if you have any latest dumps please send me because my exam is on this week end

hossam.saber4@gmail.com

thnx in advance

how do you very these questions?? im writing tomorrow, any help would be appreciated.

much thanks and Good Luck

i dont hv any knowlenge on d CCNA SIM can i still pass ccna 640-802

hello there…

Can someone plz explain why cant switch ping router 10.4.4.3 in first place?

i think when it tries to ping router’s fa0/0 it generates echo request, so the access list shouldnt block it….

comments plz..

Hi All,
I have gone through the discussion regarding ques3. May be i meed something here. So what is the correct answer for this question?

AGAIN FOR NEVER-ENDING ->>> Q3 << IS CORRECT ANSWER.

FAQs for those whom had doubt about:
Q1: Network addresses (eg. 10.2.3.0) can’t be assigned to an interface:
A1: WRONG!!! (it always depends of mask, eg. of valid IP of interface: 10.2.3.0 255.255.252.0

Q2: If network address can be assigned to an interface, then A is incorrect answer
A1: WRONG!!! In this particular task interface S0/0/1 has mask of /24 therefore
you can not reach it from zero network address ip (10.2.3.0) because all of these kind of addresses will be from different subnet.

Question is tricky but very clear after all -> If it still makes no sense to you, repeat subnetting section from your course materials!
Good luck champs!

A -> IS CORRECT ANSWER.
(see above, (sorry it deleted part of my post somehow)

God bless u 9tut love all the stuff available on the site… really great full to the team of 9tut me going to attempt exam on 23rd dec hoping for good results…

Option A is correct for the third question. If you notice, ospf is running for interface in question and the ACL 115 would not allow neighbours to be formed hence no host on this interface.

router ospf 100
log-adjacency-changes
network 10.4.4.3 0.0.0.0 area 0
network 10.45.45.1 0.0.0.0 area 0
network 10.140.3.2 0.0.0.0 area 0
network 192.168.2.62 0.0.0.0 area 0

Pls infom to me new dump send this emailid mayur.shrikar@gmail.com.
I wait u r reply, I hops to any frd to help me us… thanks but i waiting u r reply..

if anybody has latest pass4sure dumps or any other valid dumps other than collisio 486q then please mail them to me .. at rishiraj1989@hotmail.com

9Tut and zallax nice jobs!!!!!!

i been Following you guys for 15 days .

9TUT:- For Q3 (Please comment if you have any idea for this sim)

what i feel is ,the network which connect to s0/0/1 will have 24 bit mask (to be on same subnet),so anyways for x.x.x.0(i care),0 will never be assigned to any host
so acl 115 fits well.and hence ans should be A.

@manoj
yes, answer A is true on this scenario, but 9tut’s explanation also covers the case with subnets on a class A network.

my email is kun23m@yahoo.vom
send me the latest exams question

@ Q3

We have wild card mask as 0.0.0.255 it means
00000000.00000000.00000000.11111111

and ip add as 0.0.0.0

which in return means
that access list will check only the fourth octet and it doesnt care about 1st 2nd and 3rd octet because of wildcard mask, if the fourth octet is exactly same it will permit it

Suppose we have ip add of
10.0.0.0/23
now the range of first 2 subnets as
1)10.0.0.0-10.0.1.255
2)10.0.2.0-10.0.3.255

The valid range is obviously removing the net id and broadcast it

Therefore Valid range is
10.0.0.1-10.0.1.254
and
10.0.2.1-10.0.3.255

We can place any ip add from the valid range to any device and still the IP will we valid
so lets take 10.0.1.0 from the first subnet
If access list 115 have to process this ip that is 10.0.1.0/23 it will permit because:
1) 10.0.1.0/23 is a valid IP address and it can be assigned to any device
2) the wildcard mask is 255.255.255.0 which means that access list will only check the fourth octet if its same it will permit it therefore in this case ip address 10.0.1.’0′/23 will be permitted as the fourth octet of 0.0.0.’0′ 255.255.255.0 is same

Q3 option A seems invalid
But remember that we are applying access list on s0/0/1 usually serial interface use mask of /30 right ?

keeping that in mind option A seems right but its obviously not perfectly correct

Hi Friends,

How do i post questions with screens. I have some doubts and wanted to ask them. Please let me know if there is a way to do on this site

I am going to give my paper this month.. any latest dumps or suggestions will be appreciated.

friend4you1@hotmail.com

I belive the answer for Q3 is B.The explanations are alredy said.I only add : routing updates
come from neighbours, in that case with a source address from 10.45.45.0/24 network and because of /24 would not pass.

For Q3, the answer is obviously “A”.

Since the question states that S0/0/1 ip address is on class C network, the last octet to match ACL is 0 which is network address.

For Q1, are you sure it’s answer E ?
Cause if you apply Access-group 104, ICMP-Echo-Reply is denied. Don’t you need the reply for a successful ping ?
In my opinion, it should be answer B.
If you apply Access-group 106 out, it denies any telnet traffic from leaving the router, while the Echo-Reply is allowed and you would get a successful ping command.

@invetalcom
i think Acl 106 have implicit deny ip any any. That’s why ACL 104 can be right answer.

@invetalcom: The ACL is applied to the inbound interface. So if the echo-reply is received on the Fast interface, the packet will be discarded. The very reason for a echo-reply to come across Fast interface is the PING request from the router or the inside network which would send an echo request to the switch and echo-reply would arrive as a response.

It need not do anything with the ping request / ECHO request from the switch and ECHO reply to the switch.

Hello, for Q3, no protocol would be accepted because of the implicit deny any in the end right? ACL 115 doesn’t explicitly say to accept any telnet or ping. So the only thing to focus is the ip address and wildcard mask? Please explain.. Thanks.

hello everyone… can u clarify me on this thing…
for eigrp lab, is there a need to advertise the route for the ISP on the R1 router (the router connected to ISP router)?