Cisco CCIE Security Exam 400-251: Ingress Traffic Filter Configuration for Dual-Stack ISR Border Router

Implementing Ingress Traffic Filter for Dual-Stack ISR Border Router


Question

Which configuration implements an ingress traffic filter on a dual-stack ISR border router to prevent attacks from the outside to services such as DNSv6 and DHCPv6?

Answers

Explanations


A. B. C. D. E.

A.

Option C is the correct answer. This configuration implements an ingress traffic filter on a dual-stack ISR border router to prevent attacks from the outside to services such as DNSv6 and DHCPv6. Let's break down the configuration to understand how it works:

ipv6 access-list test
 deny ipv6 any any eq dns
 deny ipv6 any any eq dhcp

This creates an IPv6 access list called "test". The access list contains two deny statements, one for DNS traffic and one for DHCP traffic. In each statement, the "eq" keyword followed by the service name specifies the port to match for the deny statement.

! output omitted

This line represents omitted configuration that is not relevant to this question.

 permit ipv6 any any

This line permits all other IPv6 traffic that does not match the deny statements in the access list "test".

In summary, the configuration in option C denies any IPv6 traffic with a destination port of DNS or DHCP while allowing all other IPv6 traffic. This effectively filters ingress traffic on the dual-stack ISR border router to prevent attacks from the outside to services such as DNSv6 and DHCPv6.
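
The following is an added example, not part of the exam option or the original page, showing how an access list of this kind is attached to the outside interface as an ingress filter. On IOS, port matches with "eq" are written on tcp or udp entries, so the example spells out DNS (TCP/UDP 53) and DHCPv6 (UDP 546/547) by protocol and port; the interface name and the remarks are assumptions.

```cisco
! Added example: interface name, remarks and port choices are assumptions,
! not taken from the exam option.
ipv6 access-list test
 remark Block outside-initiated DNS queries to inside hosts (port 53)
 deny udp any any eq 53
 deny tcp any any eq 53
 remark Block outside DHCPv6 toward servers/relays (547) and clients (546)
 deny udp any any eq 547
 deny udp any any eq 546
 remark Allow all other IPv6 traffic, including ICMPv6 neighbor discovery
 permit ipv6 any any
!
interface GigabitEthernet0/0
 description Outside (Internet-facing) interface, assumed name
 ! Apply the list to packets arriving on this interface (ingress)
 ipv6 traffic-filter test in
```

Because the deny entries match only the destination port, replies to DNS queries that inside hosts send out (source port 53, ephemeral destination port) still pass. `show ipv6 access-list test` shows per-entry match counters for checking that the deny entries are hit.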