Examine the network exhibit:

The ACL configuration defined on Core-1 is as follows:

If telnet was being used, which device connection would be permitted and functional in both directions? (Choose two.)
Client 1 to Client 2 is permitted because the traffic never crosses the core switch, so the VACL on Core-1 does not affect it. Server 1 to Client 1 is permitted because the initial traffic from Server 1 (in VLAN 10) does not match the VACL on Core-1, and the return traffic from Client 1 (in VLAN 20) is permitted by the VACL since it matches the permitted source IP and port.
E is wrong. An inbound VACL will apply to all ports that are receiving the VLAN traffic. Client 1 may be able to reach Client 3, but the traffic will not return since it will be dropped by the VACL. B is correct because the traffic never crosses the core, so the VACL is not used. D is correct because the server is inbound to VLAN 10, so the VACL is not used, and return traffic is permitted by the VACL. C is wrong because the return traffic will cross the ACL and is not permitted for Client 2. This picture is in my book and the traffic flow is explained.
BD is correct
B & E is correct. ACL permits traffic only from 10.101.20.21/32 IP address that is Client1. The question asks for a connection "in both directions". So only devices in the same VLAN can communicate in both directions, as they are not affected by a VACL.
What you seem to be forgetting here is the VACL will only apply on Core 1 for traffic that is coming into the switch and into VLAN 20, so any device outside VLAN 20 will not have the source IP of the client. Hence B and E are correct.
BE correct. Servers are in another VLAN and must go through the core from another interface, and our rule will not match this traffic. A has an implicit deny.
CLIENT1 - CLIENT2 - pass - Forwarded by Access2, no need to go through CORE1. SERVER1 - CLIENT1 - pass - Server 1 is inbound on VLAN 10 on CORE1; return traffic from CLIENT1 in VLAN 20 matches the ACL and is permitted.
I think the correct answer is B&D, because an inbound VACL filters all traffic that arrives on a VLAN, whether switched or routed.
E is correct because that traffic never passes through core, so never hits the VACL.
CL3 - CL2 - drop on forward path by Core1 because it matches VLAN 20 and the SRC IP is CL3, not CL1.
CL1 - CL2 - pass - no ACL because it is forwarded by Access2.
SR2 - CL2 - pass on forward path by Core1 because it matches VLAN 10; drop on return path by Core1 because it matches VLAN 20 and the SRC IP is not CL1.
SR1 - CL1 - pass on forward path by Core1 because it matches VLAN 10; pass on return path by Core1 because it matches VLAN 20 and the SRC IP is CL1.
CL1 - CL3 - pass on forward path by Core1 because it matches VLAN 20 and the SRC IP is CL1; drop on return path by Core1 because it matches VLAN 20 and the SRC IP is CL3, not CL1.
And the telnet traffic must flow through the core switch.
So D&E are the only possible connections. Client1 to Client2 will work but is not affected by the ACL.
The correct Answer is B&D
The correct answer is B&D
Only correct answer I can see is B. Can somebody explain how options D or E can operate in both directions through that VACL?
D - because the initial traffic (inbound VLAN 10) to the client is not matched on the VACL, but the return traffic (inbound VLAN 20) is matched and permitted by the ACL.
BE is correct
The only valid solution is B and E because traffic within VLAN 20 is not affected by the VACL. Traffic from Server 1 will be blocked because of a wrong IP source.
BD is correct