CCNA Access List Sim 2
Question
A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.
The task is to create and apply a numbered access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.
All passwords have been temporarily set to “cisco”.
The Core connection uses an IP address of 198.18.196.65
The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 – 192.168.33.254
Host A 192.168.33.1
Host B 192.168.33.2
Host C 192.168.33.3
Host D 192.168.33.4
The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30
The Finance Web Server is assigned an IP address of 172.22.242.23.
The Public Web Server is assigned an IP address of 172.22.242.17
Answer and Explanation
(Note: If you are not sure how to use access lists, please check out my access-list tutorial at http://www.9tut.com/access-list-tutorial. Some modifications of this access-list sim have also been reported, so read the “Some modifications” section at the end of this question. You can also download this sim to practice with (open it with Packet Tracer) here: http://www.9tut.com/download/9tut.com_Access-list_sim2.pkt)
Corp1>enable (you may enter “cisco” as the password here)
We should create an access list and apply it to the interface connected to the Server LAN, because there it can filter traffic coming from both the Sw-2 (hosts) LAN and the Core. The Server LAN has been assigned addresses 172.22.242.17 – 172.22.242.30, so we can guess that the interface connected to it has the IP address 172.22.242.30 (.30 is the number shown in the figure). Use the “show running-config” command to check which interface has the IP address 172.22.242.30.
Corp1#show running-config
We learn that interface FastEthernet0/1 is the interface connected to the Server LAN. This is the interface on which we will apply our access list, in the outbound direction.
Corp1#configure terminal
The first statement allows host C (192.168.33.3) to reach the Finance Web Server (172.22.242.23) over the web, TCP port 80:
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
The second statement denies every other host web access to the Finance Web Server:
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
The third statement permits all other traffic. Without it, the implicit “deny ip any any” at the end of every access list would drop everything that did not match the first two statements:
Corp1(config)#access-list 100 permit ip any any
Apply the access list to the Fa0/1 interface in the outbound direction:
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access list to the Fa0/1 interface (not the Fa0/0 interface) so that it filters traffic coming from both the LAN and the Core. If we applied the access list inbound on the LAN interface, it would only filter traffic from the LAN; the Core’s traffic enters the router on a different interface and would reach the Finance Web Server untouched.
In the real exam, just click on host C and open its web browser. In the address box, type http://172.22.242.23 to check whether you are allowed to access the Finance Web Server. If your configuration is correct, you can access it.
Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Server from these hosts.
Finally, save the configuration
Corp1(config-if)#end
Corp1#copy running-config startup-config
(This configuration only blocks web access to the Finance Web Server on TCP port 80. If the server supports other traffic, like FTP or SMTP, or serves HTTPS on port 443, other hosts can still reach those services, because the deny statement matches only “tcp ... eq 80”.)
Notice: In the real exam, you might be asked to allow a different host (A, B or D) to access the Finance Web Server, so read the requirement carefully.
Some modifications:
Modification 1:
- Permit host B to access the Finance server: access-list 100 permit ip host 192.168.33.2 host 172.22.242.23
- Deny host B access to the other servers (not the whole network): access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (the wildcard 0.0.0.15 covers 172.22.242.16 – .31, the whole Server LAN; that range also contains the Finance server, but host B’s traffic to it has already matched the first statement, so only the other servers are denied)
- Permit everything else: access-list 100 permit ip any any
Modification 2:
- Only allow host C to access the Finance server: access-list 100 permit ip host 192.168.33.3 host 172.22.242.23
- Do not allow anyone else to communicate with the Finance server in any way: access-list 100 deny ip any host 172.22.242.23
- Allow all other traffic: access-list 100 permit ip any any
Modification 3:
- Host C should be able to use a web browser (HTTP) to access the Finance Web Server: access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
- Other types of access from host C to the Finance Web Server should be blocked, and all access from hosts in the Core or local LAN to the Finance Web Server should be blocked: access-list 100 deny ip any host 172.22.242.23 (because the requirement says we cannot use more than 3 statements, we have to use “any” here so that one statement covers host C, the hosts in the Core and the hosts in the local LAN)
- All hosts in the Core and local LAN should be able to access the Public Web Server *: access-list 100 permit ip any host (IP of Public Web Server) (if the question asks this, it must give you the IP of the Public Web Server), but in the exam you should use “access-list 100 permit ip any any”
Modification 4:
- Host C should be able to use a web browser to access the Finance Web Server: access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
- Other types of access from host C to the Finance Web Server should be blocked: access-list 100 deny ip host 192.168.33.3 host 172.22.242.23
- All hosts in the Core and on the local LAN should be able to access the Public Web Server *: access-list 100 permit ip any host (IP of Public Web Server) (the IP of the Public Web Server will be given in this question), but in the exam you should use “access-list 100 permit ip any any”
* There are some reports about the requirement “All hosts in the core and on the local LAN should be able to access the Public web server” saying that the correct command is “access-list 100 permit ip any any”, not “access-list 100 permit ip any host (IP of Public Web Server)”. Although I believe the second command is more precise, you should probably use the first command, “access-list 100 permit ip any any”, instead, as some reports said they got 100% with it (even when the question gives you the IP address of the Public Web Server). It is a bug in this sim.
(Note: Don’t forget to apply this access list to the suitable interface or you will lose points:
interface fa0/1
ip access-group 100 out
In the exam they may also slightly change the requirements, for example host A or host B instead of host C, so read the requirement carefully and adjust the access list accordingly.)
I created this sim in Packet Tracer v5.2.1 so you can practice with it. You will need a recent version of Packet Tracer (v5.1 or later) to open it.
Download this sim here
Notice: After typing the commands above, if you ping from the other hosts (PC0, PC1, PC3), PC4 (the Finance Web Server) still replies, because the list filters only HTTP (TCP port 80), not ICMP. To generate HTTP traffic, select “Web Browser” in the “Desktop” tab of these PCs, type the IP address of the Finance Web Server, and watch how the traffic flows in Simulation Mode.
Also notice that in the initial configuration of this sim the Core network can ping the Finance Web Server. For the variants that require blocking all access to that server (Modifications 2, 3 and 4), the access list has to filter this traffic too, which is why they use “deny ip” rather than “deny tcp ... eq 80”.
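To make the first-match behaviour of these lists concrete, here is a small Python evaluator that applies the three-statement lists above to sample packets. It is an added illustration, not part of the original sim and not Cisco IOS code. It assumes the addresses given in the question, models only the syntax the sim uses (the ip/tcp/icmp keywords, the host/any/wildcard address forms and an optional “eq PORT” on the destination), first-match evaluation and the implicit deny at the end of the list; interface direction is not modelled. Running it shows why the main task’s list still lets pings and non-port-80 traffic through, why Modification 2’s “deny ip” does not, and how the wildcard 0.0.0.15 in Modification 1 covers the whole Server LAN.

```python
"""Evaluator for the numbered extended IOS ACLs discussed on this page.

Added example, not Cisco IOS code. It models only what the sim exercises:
'ip'/'tcp'/'icmp' protocol keywords, 'host A' / 'any' / 'network wildcard'
address forms, an optional 'eq PORT' on the destination, first-match
evaluation, and the implicit 'deny ip any any' at the end of every list.
"""
import ipaddress
from typing import List, Optional


def _addr(tokens: List[str], i: int):
    """Consume one address spec starting at tokens[i]; return (matcher, next index)."""
    tok = tokens[i]
    if tok == "any":
        return (lambda ip: True), i + 1
    if tok == "host":
        target = int(ipaddress.IPv4Address(tokens[i + 1]))
        return (lambda ip, t=target: ip == t), i + 2
    # network + wildcard mask: a 1 bit in the wildcard means "don't care"
    net = int(ipaddress.IPv4Address(tok))
    care = ~int(ipaddress.IPv4Address(tokens[i + 1])) & 0xFFFFFFFF
    return (lambda ip, n=net & care, c=care: (ip & c) == n), i + 2


def parse_ace(line: str):
    """Parse e.g. 'access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80'."""
    t = line.split()
    if t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"not an extended ACE: {line}")
    src, i = _addr(t, 4)
    dst, i = _addr(t, i)
    dport: Optional[int] = None
    if i < len(t):
        if t[i] != "eq":
            raise ValueError(f"unsupported operator {t[i]!r} in: {line}")
        dport = int(t[i + 1])
    return t[2], t[3], src, dst, dport


def evaluate(acl: List[str], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> str:
    """Return 'permit' or 'deny': statements are tried top to bottom, first match wins."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for line in acl:
        action, aproto, smatch, dmatch, aport = parse_ace(line)
        if aproto != "ip" and aproto != proto:      # 'ip' matches every protocol
            continue
        if not (smatch(s) and dmatch(d)):
            continue
        if aport is not None and aport != dport:   # 'eq 80' only matters for that port
            continue
        return action
    return "deny"                                  # the implicit deny ip any any


# Addresses from the sim on this page
HOST_A, HOST_B, HOST_C = "192.168.33.1", "192.168.33.2", "192.168.33.3"
CORE, FINANCE, PUBLIC = "198.18.196.65", "172.22.242.23", "172.22.242.17"

# The three-statement answer to the main task: only web access is restricted
ACL_MAIN = [
    "access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80",
    "access-list 100 deny tcp any host 172.22.242.23 eq 80",
    "access-list 100 permit ip any any",
]
# Modification 2: nobody but host C may talk to the Finance server at all
ACL_MOD2 = [
    "access-list 100 permit ip host 192.168.33.3 host 172.22.242.23",
    "access-list 100 deny ip any host 172.22.242.23",
    "access-list 100 permit ip any any",
]
# Modification 1: host B reaches Finance but no other server in 172.22.242.16/28
ACL_MOD1 = [
    "access-list 100 permit ip host 192.168.33.2 host 172.22.242.23",
    "access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15",
    "access-list 100 permit ip any any",
]

if __name__ == "__main__":
    for label, acl in (("main", ACL_MAIN), ("mod2", ACL_MOD2), ("mod1", ACL_MOD1)):
        print(label, "host C http  ->", evaluate(acl, "tcp", HOST_C, FINANCE, 80))
        print(label, "host A http  ->", evaluate(acl, "tcp", HOST_A, FINANCE, 80))
        print(label, "core   http  ->", evaluate(acl, "tcp", CORE, FINANCE, 80))
        print(label, "host A ping  ->", evaluate(acl, "icmp", HOST_A, FINANCE))
        print(label, "host A https ->", evaluate(acl, "tcp", HOST_A, FINANCE, 443))
        print(label, "host B public->", evaluate(acl, "tcp", HOST_B, PUBLIC, 80))
```

Two things worth trying with it: reverse ACL_MAIN and every packet is permitted, because “permit ip any any” now matches first; drop the last statement and every non-web packet is denied by the implicit deny. Both are the mistakes the notes above warn about.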
1. The user on host C should be able to use a web browser to access financial information from the Finance Web Server.
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
2. No other hosts from the LAN nor the Core should be able to use a web browser to access this server
access-list 100 permit tcp any host 172.22.242.23 eq 80
note: you have to specify the port (80/www/http) with tcp; if you leave tcp with no port you are blocking the whole TCP protocol’s access to this box
3. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.
access-list 100 permit ip any any
Read the requirements slowly!
My bad:
access-list 100 permit tcp any host 172.22.242.23 eq 80
should be
access-list 100 deny tcp any host 172.22.242.23 eq 80
I should read answers slowly.
@Anonymous
Shouldn’t the second statement be deny instead of permit, since it said no other hosts?
@Anonymous
OK, never mind, you did it right after I added a comment.
Hey guys!! Learn the 3rd modification!!!! The one that has 4 conditions but where you have to write the ACL using only 3 statements. I took the test and that one comes up on the test!!!
@Shalayy: You can use any number from 100 to 199.
I’ve done this sim, and it worked for the whole LAN network, but with these instructions the CORE network still has access to the Finance Web Server on port 80, because this traffic doesn’t need the L3 device; the SW Core forwards the traffic directly.
please help me.
Should I put
1) access-list 100 deny ip any host 172.22.242.23 or
2) access-list 100 deny tcp any host 172.22.242.23
as the second command?
@Mr. Ketan
1. Host B should be able to use a web browser (HTTP) to access the Finance Web Server
Ans:access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
2.Other types of access from host B to the Finance Web Server should be blocked
Ans:access-list 100 deny ip host 192.168.33.3 host 172.22.242.23
3.All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
Ans:access-list 100 deny ip any host 172.22.242.23
4.All hosts in the Core and local LAN should be able to access the Public Web Server
Ans:access-list 100 permit ip any host 172.22.242.17
I want to know if I’m correct; if not, please correct me. Thanks to all folks on this platform.
@ Sam
Yes, you are correct, but in the exam they say that,
“The task is to create and apply a numbered access-list with “NO MORE THAN THREE STATEMENTS” that will allow ONLY host B web access to the Finance Web Server. Other types of access from host B to the Finance Web Server should be blocked
– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
- All hosts in the Core and local LAN should be able to access the Public Web Server.”
Therefore I gave those commands and I got 100% on it.
In the last configuration your “access-list 100 permit ip any host 172.22.242.17” command is 100% right, but at the end we mostly give the “permit ip any any” command to permit the others; therefore I gave it, and it permits the same hosts to the Public Web Server, so no problem. But I don’t know, if you apply it in the real exam, what % you would get on the sim, therefore my advice to you is don’t take the risk, because my configuration got 100%. If you want to use the IP of the Public Web Server in the configuration, then there is another solution,
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 permit ip any host 172.22.242.17
access-list 100 deny ip any any
I think this helps you; if you have any question in your mind then please ask me. You are welcome.
Please... I need an answer to my questions.
@Mr. Ketan
So which one is right to use in the exam, access-list 100 permit ip any host 172.22.242.17 or access-list 100 permit ip any any?
@confuseccnastudent: You have to use
1)access-list 100 deny ip any host 172.22.242.23
as the question says “all other traffic”.
Just for your information, when using “tcp” we often specify the port as well.
@tut
OK, thank you. In other words, I can still include the statement below, provided I include the port number?
access-list 100 deny tcp any host 172.22.242.23 eq 80
Question: no other hosts access to Finance
access-list 100 deny ip any host 172.22.242.23
Question: all other traffic denied access to Finance.
-confuseccnastudent
@sam
For this question in the exam
- Host B should be able to use a web browser (HTTP) to access the Finance Web Server
- Other types of access from host B to the Finance Web Server should be blocked
- All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
- All hosts in the Core and local LAN should be able to access the Public Web Server
I applied this configuration and I got 100%, therefore my advice to you is, if you also get this question in the exam then apply this configuration,
access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Because I got 100% with it, my advice to you is to also apply this configuration in the exam.
@Mr. Ketan
You were given 4 tasks to do but you only did 3; why, from your statements?
Thanks, best regards.
@Mr.Ketan
1.Other types of access from host D to the Finance Web Server should be blocked
Ans:access-list 100 deny ip host 192.168.33.4 host 172.22.242.23
2.All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
Ans:access-list 100 deny ip any host 172.22.242.23
Please check whether it is wrong or correct. Best regards. Thanks a lot.
@Sam
Because in the real exam they ask the same 4 tasks and say no more than 3 statements to configure, therefore in the real exam don’t give more than 3 commands, otherwise your marks may be reduced, and if you look at the configuration it satisfies the 4 conditions in 3 steps.
Yes, your configuration for host D, Core and local LAN is right, but you deny other access to host D and also to the Core or local LAN, so why do you type two commands? Because in the second command host D is also included automatically when you write “any” to deny all services, you don’t need to give the first command.
@Mr. Ketan
Very big thanks.
God bless you
Hi,
Can anyone clarify which is correct?
Host B should be able to use a web browser (HTTP) to access the Finance Web Server
Other types of access from host B to the Finance Web Server should be blocked
All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
All hosts in the Core and local LAN should be able to access the Public Web Server
Answer from someone’s comment:
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 permit ip any host 172.22.242.17
access-list 100 deny ip any any
From 9tut:
- Host C should be able to use a web browser (HTTP) to access the Finance Web Server
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
- Other types of access from host C to the Finance Web Server should be blocked
– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
access-list 100 deny ip any host 172.22.242.23
(because the requirement says we can not use more than 3 statements so we have to use “any” here for the hosts in the Core and hosts in local LAN)
- All hosts in the Core and local LAN should be able to access the Public Web Server * access-list 100 permit ip any host
(If the question asks this, surely it has to give you the IP of Public Web Server) but in the exam you should use “access-list 100 permit ip any any”
For me, 9tut’s is the correct answer, since the line access-list 100 deny ip any any is already implicit, so adding it is not necessary.
Thank you!
@ sam
You are always welcome; if you need any help please tell me, it’s my pleasure to help you.
@ Joe
I know that; that someone is me.
By mistake I gave host C’s IP address instead of host B’s, that’s it. But the remaining configuration is right if you look at it PRACTICALLY,
access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23 eq 80
access-list 100 permit ip any host 172.22.242.17
access-list 100 deny ip any any
If you say that adding the line
“access-list 100 deny ip any any” is already implicit so it is not necessary,
then why do you give
access-list 100 deny ip any host 172.22.242.23 &
100 permit ip any any?
Because instead of those you could give only
“access-list 100 permit ip any host 172.22.242.17”
and then it also implicitly denies the others to 172.22.242.23, and the configuration is done in 2 steps, because they are not saying anything about other servers to deny or permit, and our task is only for these 2 servers.
I’m not saying that 9tut is wrong, and I’m also not saying that you should use this configuration in the exam. I’m only saying that in practice this is also a solution; I don’t recommend that you use this configuration in the exam, but I just say that this is also a solution for this task if you want to use the Public Web Server address in the configuration.
@ sam
I recommend that if you get this question in the exam you use this configuration,
- Host B should be able to use a web browser (HTTP) to access the Finance Web Server
- Other types of access from host B to the Finance Web Server should be blocked
- All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
- All hosts in the Core and local LAN should be able to access the Public Web Server
access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
I gave you another solution using the Public Web Server address only for your knowledge, because this is also a solution, because they give the Public Web Server address in the exam. But I recommend, dear, that you use only the above configuration in the exam for this question, and also remember that the IP addresses I gave you are only for your understanding, because in the real exam the IP address and host name may be different.
Passed CCNA today with 960!
EIGRP, VTP (first 5 questions) and ACL2 sims.
Watch out what you are asked! There will be some variations.
http://www.examcollection.com/cisco/Cisco.ActualTests.640-802.v2013-01-28.by.Spike.662q.vce.file.html
http://www.examcollection.com/cisco/Cisco.ActualTests.640-802.v2012-12-18.by.Acme.676q.vce.file.html
and
http://www.examcollection.com/cisco/Cisco.PrepKing.640-802.v2012-08-03.by.Brar.631q.vce.file.html
100% valid.
Thanks a lot to 9tut!
Can anyone please explain this question:
QUESTION NO: 461 CORRECT TEXT
A corporation wants to add security to its network. The requirements are:
- Host B should be able to use a web browser (HTTP) to access the Finance Web Server.
- Other types of access from host B to the Finance Web Server should be blocked.
- All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.
- All hosts in the Core and on local LAN should be able to access the Public Web Server.
You have been tasked to create and apply a numbered access list to a single outbound interface. This access list can contain no more than three statements that meet these requirements.
Access to the router CLI can be gained by clicking on the appropriate host.
All passwords have been temporarily set to “cisco”
The Core connection uses an IP address of 198.18.222.65
The computers in the Hosts LAN have been assigned addresses of 192.168.86.1 - 192.168.86.254.
host A 192.168.86.1
host B 192.168.86.2
host C 192.168.86.3
host D 192.168.86.4
The Finance Web Server has been assigned an address of 172.22.63.17
The Public Web Server in the Server LAN has been assigned an address of 172.22.63.18
Answer:
Corp1#configure terminal
Our access-list needs to allow host B – 192.168.86.3 to the Finance Web Server 172.22.63.17 via web (port 80)
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.63.17 eq 80
All hosts in the Core and on local LAN should be able to access the Public Web Server
Corp1(config)#access-list 100 permit ip any host 172.22.63.18
All other traffic is denied
Corp1(config)#access-list 100 deny ip any any
Apply this access-list to LAN interface (need to figure out the interface to apply it to based on the topology diagram)
Corp1(config)#interface fa0/0
Corp1(config-if)#ip access-group 100 out
(Here in the answer I am confused about this line:
Our access-list needs to allow host B – 192.168.86.3 to the Finance Web Server 172.22.63.17 via web (port 80)
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.63.17 eq 80)
Please help me with this answer. I have the exam on Saturday, 16th March 2013.
There is no host 192.168.33.3 mentioned in your test scenario. Your 4 hosts are 192.168.86.1 through .4. It looks like you are mixing answers to 2 different scenarios, as the .33 hosts are part of the lab at the top of this page.
If you are confused by the lab now, please change your exam date right now.
Hi everyone, those who already passed the CCNA EXAM,
tell me if I am RIGHT OR WRONG...
### ONE QUESTION, TWO ANSWERS ON THE 9TUT.COM WEB SITE...
Question?
Other types of access from host C to the Finance Web Server should be blocked
answer 1) access-list 100 deny ip host 192.168.33.3 host 172.22.242.23
answer 2) access-list 100 deny ip any host 172.22.242.23
(because the requirement says we can not use more than 3 statements so we have to use “any” here for the hosts in the Core and hosts in local LAN)
@jimmy
The answer should be number 1,
because you only need to block host C from Finance.
If your answer is #2, all other hosts will be blocked from
the Finance server.
Hi All,
I really need help on the ACL, especially on the 2nd command, assuming the host is C.
1)Deny other hosts access to the Finance Web Server via web
-Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
2)deny host C from accessing other servers (not the whole network)
-access-list 100 deny ip host 192.168.33.3 172.22.242.16 0.0.0.15
3)Not allow anyone else in any way communicate with the financial server
-access-list 100 deny ip any host 172.22.242.23
@confuseccnastudent
It mentions that a particular network, i.e. 172.22.242.16, should be denied (as it says “not the whole network”).
So what will happen if we give a command like this:
access-list 100 deny ip host 192.168.33.3 any
This command will block all traffic coming from host C to any destination, which includes traffic to the Core too, and that is not required here.
So according to the ques we are blocking the traffic from host C that is destined for the remaining servers.
@Ashis
2)deny host C from accessing other servers (not the whole network)
It stated “other servers”, which means the “Server Network”.
The command “access-list 100 deny ip host 192.168.33.3 172.22.242.16 0.0.0.15”
should be right because it only denies host C access to the other servers in the Server network.
Do we use tcp or ip in access-list 100 permit ____ host (host ip) host (finance web server ip) eq 80
Hello friends, I just passed the CCNA yesterday with 867. I admit it’s not too complicated, because I had already seen an ACL sim: it was the same, just with a different host. The same for EIGRP, where the error was on the central router, plus another network problem where a network had to be added. The last one was on VTP, exactly as proposed by the site. Thanks to you and all those who put this site online, thank you, and good luck to the others.
I passed today with 907... EIGRP, ACL-2 and VTP sim questions... thanks 9tut, pass4sure.
@Blue
Do we use tcp or ip in access-list 100 permit ____ host (host ip) host (finance web server ip) eq 80
>>>>
We only use TCP if we need it for ports that use TCP, for example HTTP.
@maxnanabas09
Yes, that’s what I was explaining.
In the exam ,Did the “permit ip any any” command instead of “permit ip any host [public web server's ip]” work? Please help those who have already taken the exam
Thank you so much to 9tut and to everyone who commented on the sims that were in the exam. I got my CCNA on 22 March 2013. I used 9tut and exam dumps to help me, as well as attending the CCNA course.
I passed yesterday with 933!
EIGRP, ACL2 and VTP…
Thank you very much 9tut and Sekhar dump. You are doing a great job for us. God bless everyone!!!
Hi all. Can someone please tell me if the Shekhar dumps are sufficient to prepare for the CCNA? I also wanted to know if we will get NAT simulations.
Hi, can someone please tell me if all the sims on 9tut are the same as in the exam?
Friendly Advice mates!
Don’t just rely on dumps; it’s better to read books and watch training videos to grasp each concept well!
Try this one
Todd Lamle 7th edition+CBTnuggets Video+Bryant Advantage Training+ Dumps :)
If you want some resources, leave your email! God bless!
Hi... can anyone tell me which dumps I have to prepare for the certification exam?
Recently they posted some links in Exam Collection. What do I have to prepare? Can I go for the highest-rated dumps or the recently posted ones? Can anyone help, please...