CCNA Network Services and Security • Set 30
CCNA Network Services and Security Practice Test 30 — 15 questions with explanations. Free, no signup.
You are connected to R1. The network currently permits all HTTP traffic from hosts on the 192.168.1.0/24 LAN to reach the web server at 203.0.113.10, but SSH traffic (TCP port 22) from the same LAN is being blocked. Additionally, you must ensure that no other traffic from the LAN reaches the server. Configure an extended ACL on R1 to allow only HTTP and SSH from the LAN to the server, and apply it inbound on the correct interface. Verify your solution.
R1#show running-config | section interface
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group BLOCK_SSH in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.252
 duplex auto
 speed auto
!
R1#show access-lists
Extended IP access list BLOCK_SSH
    10 deny tcp 192.168.1.0 0.0.0.255 host 203.0.113.10 eq 22
    20 permit ip any any
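
Added example (not part of the original practice test): a small first-match ACL evaluator that runs constructed test packets through the BLOCK_SSH entries shown above and through a replacement list. The name LAN_TO_WEB and its two entries are assumptions; they read the task as "permit TCP 80 and TCP 22 to the server and let the implicit deny drop everything else arriving on the LAN interface."

```python
import ipaddress

# BLOCK_SSH is copied from the show access-lists output above.
# LAN_TO_WEB is a hypothetical replacement (name and entries are assumptions).
BLOCK_SSH = [
    "deny tcp 192.168.1.0 0.0.0.255 host 203.0.113.10 eq 22",
    "permit ip any any",
]
LAN_TO_WEB = [
    "permit tcp 192.168.1.0 0.0.0.255 host 203.0.113.10 eq 80",
    "permit tcp 192.168.1.0 0.0.0.255 host 203.0.113.10 eq 22",
]

def take_addr(tok):
    """Consume one address spec (any | host A | A WILDCARD) -> (base, wildcard)."""
    head = tok.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse_ace(line):
    """Parse 'action proto src dst [eq port]'; only numeric 'eq' ports are handled."""
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = take_addr(tok), take_addr(tok)
    port = int(tok[1]) if tok[:1] == ["eq"] else None
    return action, proto, src, dst, port

def addr_match(ip, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; with no match the implicit deny applies."""
    for line in acl:
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if a_proto not in ("ip", proto):
            continue
        if not (addr_match(src, a_src) and addr_match(dst, a_dst)):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"
```

On R1 the two LAN_TO_WEB entries would be entered under `ip access-list extended LAN_TO_WEB` and applied with `ip access-group LAN_TO_WEB in` on GigabitEthernet0/0 in place of BLOCK_SSH, then checked with `show access-lists`. Because the list ends in the implicit deny, LAN traffic to any destination other than the server is dropped as well.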