A customer deployed an ISE solution that allows for web authentication and URL redirect enforced from the access layer. Due to control plane security concerns, only host IP 10.0.1.25 should have HTTP access to these switches. Which configuration must be applied to the switches?
In the given configuration scenario, only host IP 10.0.1.25 should have HTTP access to the switches. To achieve this, an access list can be created to allow only this host and deny all others, followed by applying this access list to the HTTP server configuration. The configuration shown in option B uses a standard access list, which is appropriate for this purpose and aligns with the required syntax. The lines 'ip http server' and 'ip http secure-server' enable HTTP and HTTPS servers, respectively, and 'ip http access-class 10' applies the access list to the HTTP server configuration, restricting access as required.
The acl example in the link is standard access list, the given answer is correct. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/https/command/nm-https-cr-book/nm-https-cr-cl-sh.html#wp1110651970
HTTP should fall in extended access-list, so that will rule out B and C. A overall looks right.
ip http access-class access-list-number access-list-number -> *Standard IP access list* number in the range 0 to 99, as configured by the access-list global configuration command.
B is correct