advantages, similarities, and diTtereiees ot edel.DITTeelitiate & pel lllete fir
ID: 3737011 • Letter: A
Question
advantages, similarities, and diTtereiees ot edel.DITTeelitiate & pel lllete firewall from a client firewall. (TCO B) Given the commands shown below, identify the ACL type. Explain what happens when the ACL is applied. configure terminal interface FastEthernete/e ip address 192.168.200.1 255.255.255.0 ip access-group 100 in access-list 180 permit tcp host 192.168.20e.10 any eq www time-range TWODAYS access-list 100 permit tcp host 192.168.200.10 any eq login time-range ONETIME time-range TWODAYS periodic Tuesday Thursday 14:00 to 22:00 time-range ONETIME absolute start 84:00 12 February 2011 end 18:00 12 February 2011 End Question 11 15 pts (TCO C) Discuss how scanning fits into steps or sequences when hacking an organization. Describe the tools and objectives of scanning by a hacker. Question 12 15 pts (TCO C) Describe specific situations in which TACACS+ would be used rather than RADIUS.Explanation / Answer
As you are configuring at the source, ( specifying the source address, protocol type etc), so the ACL type is Extended.
From Cisco learning sites, you can find that the standard ACL is used at the destination, where traffic is filtered/prioritised w.r.t the source address only. Whereas in case of extended ACL, you can use it at the source, specifying the parameters (source, destination, protocol, port no. etc). As in your case, we are doing configuration near the source and using protocol tcp, so this comes under Extended ACL.
The command (shown in your picture) configures an access list named 100, which references a time range named TWODAYS. The access list and time range together permit www traffic on interface FastEthernet0/0 starting at 14:00 to 22:00 of every Tuesday Thursday.
configure terminal ------- Enters global configuration mode.
!
interface FastEthernet0/0 --------- Select the Interface on which configuration to be done
ip address 192.168.200.1 255.255.255.0 --- Configure the ip address and subnet mask
ip access group 100 in -------------- Assigns an access list 100 to the interface FastEthernet0/0 to filter the incoming packets
!
access-list 100 permit tcp host 192.168.200.10 any eq www time-range TWODAYS
Create an access-list named 100 where it will permit tcp packets from host 192.168.200.10 to any www traffic within the time range specified by TWODAYS
access-list 100 permit tcp host 192.168.200.10 any eq login time-range ONETIME
Create an access-list named 100 and permit login traffic from 192.168.200.10 in the time range specified in ONETIME
!
Note - When creating a time range with time-range command, you need to specify an unique name. Executing the time range command takes you to the sub configuration menu, where only two types of ranges you can specify. one time only (absolute) and recurring (periodic).
time-range TWODAYS
Create a time-range named as TWODAYS
periodic Tuesday Thursday 14:00 to 22:00
This time range is periodic, so it will run forever for every Tuesday and Thursday starting at 14:00 to 22:00.
!
time-range ONETIME
Create a time-range named as ONETIME.
absolute start 04:00 12 February 2011 end 18:00 12 February 2011
This time range is absolute so it will be applicable for only one time. i.e. Starting from 04:00 12 February 2011 to 18:00 12 February 2011
Note: In absolute time-range, you must specify the starting time and end time in 24 hrs format. If you didn't mention the ending time, then it will default to 23:59 31 December 2035.
!
End ---- Return to global configuration mode
Ping me back for any doubts. Thank you.
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.