A network administrator is configuring ACLs on a Cisco router, to allow IP access from the 192.168.146.0/24, 192.168.147.0/24, 192.168.148.0/2,. and
192.168.149.0/24 networks only. Which two ACLs, when combined, should be used?
Click on the arrows to vote for the correct answerA. B. C. D. E. F.
To allow IP access from the specified networks only, we need to use a combination of access-lists that permit traffic from those networks and deny traffic from all other networks. So, we need to use a combination of two access-lists with different network addresses and subnet masks.
The two access-lists that can be used are:
access-list 10 permit ip 192.168.146.0 0.0.0.255 This access-list permits traffic from the 192.168.146.0/24 network.
access-list 10 permit ip 192.168.147.0 0.0.255.255 access-list 10 permit ip 192.168.148.0 0.0.1.255 access-list 10 permit ip 192.168.149.0 0.0.0.255 This access-list permits traffic from the 192.168.147.0/24, 192.168.148.0/23 and 192.168.149.0/24 networks.
Note that the second access-list uses multiple wildcard masks to specify the range of IP addresses to permit. The wildcard mask is used to specify which bits in the IP address are to be ignored (i.e., treated as a "wildcard") when matching the ACL entry.
To combine the two access-lists, we can use the "deny any" statement at the end of the second access-list to block all other traffic.
Here is the combined access-list:
access-list 10 permit ip 192.168.146.0 0.0.0.255 access-list 10 permit ip 192.168.147.0 0.0.255.255 access-list 10 permit ip 192.168.148.0 0.0.1.255 access-list 10 permit ip 192.168.149.0 0.0.0.255 access-list 10 deny ip any any
This access-list allows IP traffic from the specified networks only and blocks all other traffic.