Refer to the exhibit.
An engineer must deny Telnet traffic from the loopback interface of router R3 to the loopback interface of router R2 during the weekend hours. All other traffic between the loopback interfaces of routers R3 and R2 must be allowed at all times.
Which command set accomplishes this task?
The correct command set should create a time range for the weekend, define an access list to deny the Telnet traffic from R3 to R2 during that time, and then apply this access list on the appropriate interface of R1. B uses the correct time range for the weekend (00:00 to 23:59 on Saturday and Sunday), and the access control list correctly specifies the Telnet traffic to be denied (TCP port 23), while permitting all other traffic. Applying this access list inbound on R1's G0/1 interface ensures that traffic originating from R3 is filtered appropriately before it reaches R2.
B Access lists that are applied to interfaces do not filter traffic that originates from that router!
Men i keep forgetting that i need to work on that, thanks
A - wrong because outbound list won't block telnet from same router, AND it has the time-range on the permit statement. B- correct! C- wrong because it has no deny statement D- wrong because it includes Friday
A. RouterR3(config)#time-range WEEKEND RouterR3(config-time-range)#periodic Saturday Sunday 00:00 to 23:59 RouterR3(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND RouterR3(config)#access-list 150 permit ip any any time-range WEEKEND RouterR3(config)#interface G0/1 RouterR3(config-if)#ip access-group 150 out B. RouterR1(config)#time-range WEEKEND RouterR1(config-time-range)#periodic weekend 00:00 to 23:59 RouterR1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND RouterR1(config)#access-list 150 permit ip any any RouterR1(config)#interface G0/1 RouterR1(config-if)#ip access-group 150 in
C. RouterR3(config)#time-range WEEKEND RouterR3(config-time-range)#periodic weekend 00:00 to 23:59 RouterR3(config)#access-list 150 permit tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND RouterR3(config)#access-list 150 permit ip any any time-range WEEKEND RouterR3(config)#interface G0/1 RouterR3(config-if)#ip access-group 150 out D. RouterR1(config)#time-range WEEKEND RouterR1(config-time-range)#periodic Friday Sunday 00:00 to 00:00 RouterR1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND RouterR1(config)#access-list 150 permit ip any any RouterR1(config)#interface G0/1 RouterR1(config-if)#ip access-group 150 in
cisco_R3(config)#time-range q_277 cisco_R3(config-time-range)#periodic ? Friday Friday Monday Monday Saturday Saturday Sunday Sunday Thursday Thursday Tuesday Tuesday Wednesday Wednesday daily Every day of the week weekdays Monday thru Friday weekend Saturday and Sunday cisco_R3(config-time-range)#periodic weekend ? hh:mm Starting time cisco_R3(config-time-range)#periodic weekend 00:00 ? to ending day and time cisco_R3(config-time-range)#periodic weekend 00:00 to ? hh:mm Ending time - stays valid until beginning of next minute cisco_R3(config-time-range)#periodic weekend 00:00 to 23:59
cisco_R3(config-ext-nacl)#do s access-l | b 266 Extended IP access list q_266 10 deny tcp any any eq www time-range q_277 (inactive) 20 permit tcp any any range 22 443 cisco_R3(config-ext-nacl)#do s runn | s access-l ... ip access-list extended q_266 deny tcp any any eq www time-range q_277 permit tcp any any range 22 443 cisco_R3#show time-range time-range entry: q_277 (inactive) periodic weekend 0:00 to 23:59 used in: IP ACL entry cisco_R3#
ACL cannot block traffic originates from the router were is applicatted Regards
Shouldn't the ACL be applied outbound on R1 Gi0/1 interface?
B is correct even if the solution is not the best practice, cause the access-list is recommended to be applied on the R3 interface outbound.
B. A and C are easily discarded with the fact that ACLs are not processed by the router that originates the traffic. D is using a wrong time range, I think that if you're going to define the day individually the syntax should be something like this: time-range TEST periodic Saturday 00:00 to Sunday 23:59 but the keyword "weekend" covers this day range.
Sorry, I misread, D is using the wrong days entirely. Friday isn't part of weekend period.
Both A and B will block the telnet traffic during the weekend. But only B will allow the rest of the traffic during the the rest of the days. Answer is B.
This question is still asked. Passed today.
A is the right answer. there is no "periodic weekend" command.
Actually, there is a periodic weekend... but... Ill check it again.
Yes, B is right, the outbound access list can't block traffic from the control plane (CLI).