HPE6-A73 Exam QuestionsBrowse all questions from this exam
Go to Exam

HPE6-A73 Exam - Question 79

An administrator wants to drop traffic from VLAN 6 (10.1.6.0/24) to VLAN 5 (10.1.5.0/24), but allow all other traffic. What is correct configuration to accomplish this?

A.

B.

C.

D.

Show Answer
Correct Answer:

To drop traffic from VLAN 6 (10.1.6.0/24) to VLAN 5 (10.1.5.0/24) while allowing all other traffic, the correct configuration involves defining a policy and then applying that policy to the VLAN. The appropriate configuration should deny the specific traffic and allow all other traffic, ensuring the policy is applied correctly. Here is the correct configuration: 1. Define a class to match the traffic between VLAN 6 and VLAN 5. 2. Define a policy to drop the matched traffic. 3. Apply the policy to VLAN 5. This is correctly represented by the following choice: class ip VLAN5 10 match ip 10.1.6.0/24 10.1.5.0/24 exit policy VLAN5 10 class ip VLAN5 action drop exit vlan 5 apply policy VLAN5 in Therefore, the correct answer is D.

Discussion

9 comments
Sign in to comment
Alialo
Nov 3, 2022

i have to choose D A wrong, should apply policy, not access-list B wrong, should deny 10, not permit C looks right, but now in CX CLI, it should be routed-in, not in (tested with 8400) D is ok and tested with 8400 vlan 20 apply policy vlan20 in or interface vlan 20 apply access-list ip vlan20 routed-in

SeidorBruno
Jul 1, 2023

Correct Answer D: Page 316 & 317 Study Guide: olicies can also be applied to a VLAN or an interface. The apply command is used, but in the interface or VLAN context. [Aruba Networks] Note: There are no implicit deny in policies. If you want to apply a policy on traffic, it must match a permit. [Aruba Networks]

alex711
Feb 23, 2023

C is correct answer

gian911
May 31, 2023

for me it's D From study guide, an ACL cannot be applied to a SVI interface so it cannot be C

slotblocker
Jun 4, 2023

Selected Answer: D switch(config)# class ip VLAN5 switch(config-class-ip)# 10 match ip 10.1.6.0/24 10.1.5.0/24 switch(config-class-ip)# exit switch(config)# policy VLAN5 switch(config-policy)# 10 class ip VLAN5 action drop switch(config-policy)# exit switch(config)# vlan 5 switch(config-vlan-5)# apply policy VLAN5 in switch(config-vlan-5)# exit

mrdoctor
Jul 29, 2023

Answer is D.

slotblocker
Jun 4, 2023

switch(config-if-vlan)# apply access-list ip VLAN5 in Invalid input: in switch(config-if-vlan)# apply access-list ip VLAN5 routed-in Routed inbound (ingress) traffic routed-out Routed outbound (egress) traffic New AOS-CX does not accept under C.

gcg
Jun 9, 2023

I think is letter D

johnhenri
Apr 1, 2024

Answer is D: - A wrong because ACL are not supported on SVI & ACL ID is not defined (only a policy with same ID) - B wrong because ACL are not supported on SVI and it sould be a deny on rule 10 - C wrong because ACL are not supported on SVI - D is ok