Refer to the exhibit. What can be determined from this output?
- The ACL is missing the deny ip any any ACE.
- Because there are no matches for line 10, the ACL is not working.
- The ACL is only monitoring traffic destined for 10.23.77.101 from three specific hosts.
- The router has not had any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101.
|Answers Explanation & Hints:
ACL entry 10 in MyACL matches any Telnet packets between host 10.35.80.22 and 10.23.77.101. No matches have occurred on this ACE as evidenced by the lack of a “(xxx matches)” ACE. The deny ip any any ACE is not required because there is an implicit deny ACE added to every access control list. When no matches exist for an ACL, it only means that no traffic has matched the conditions that exist for that particular line. The ACL is monitoring traffic that matches three specific hosts going to very specific destination devices. All other traffic is not permitted by the implicit deny ip any any ACE.