Refer to the exhibit
An engineer must deny HTTP traffic from host A to host 3 while allowing all other communication between the hosts.
Which command set accomplishes this task?
A . SW1(config)# mac access-list extended HOST-A-B
SW1(config-ext-macl)# permit host aaaa.bbbb.cccc aaaa.bbbb.dddd
SW1(config)# ip access-list extended DENY-HTTP
SW1(config-ext-nacl)#permit tcp host 10.1.1,10 host 10.1.1.20 eq www
SW1(config)# vlan access-map DROP-MAC 10
SW1(config-access-map)# match mac address HOST-A-B
SW1(config-access-map)# action forward
SW1(config)# vlan access-map HOST-A-B 20
SW1(config-access-map)# match ip address DENY-HTTP
SW1(config-access-map)# action drop
SW1(config)# vlan filter HOST-A-B vlan 10
B . SW1(config)# mac access-list extended HOST-A-B
SiW1(config-ext-macl)# permit host aaaa.bbbb.cccc aaaa.bbbb.dddd
SW1(config)# ip access-list extended DENY-HTTP
SW1(config-ext-nacl)#deny tcp host 10.1.1.10 host 10.1.1.20 eq www
SW1(config}# vlan access-map DROP-MAC 10
SW1(config-access-map)# match mac address HOST-A-B
SW1(config-access-map)# action drop
SW1(config)# vlan access-map HOST-A-B 20
SW1(config-access-map)# match ip address DENY-HTTP
SW1(config-access-map)# action drop
SW1(config)# vlan filter HOST-A-B vlan 10
C . SW1(config)# ip access-list extended DENY-HTTP
SW1(config-ext-nacl)#deny tcp host 10.1.1.10 host 10.1.1.20 eq www
SW1(config)# ip access-list extended MATCH_ALL
SW1(config-ext-nad)# permit ip any any
SW1(config)# vlan access-map HOST-A-B 10
SW1[config-access-map)# match ip address DENY-HTTP
SW1(config-access-map)# action drop
SW1(config)# vlan access-map HOST-A-B 20
SW1(config-access-map)# match ip address MATCH_ALL
SW1(config-access-map)# action forward
SW1(config}# vlan filter HOST-A-B vlan 10
D . SW1(config)# ip access-list extended DENY-HTTP
SW1(config-ext-nacl)#permit tcp host 10.1.1.10 host 10.1.1.20 eq www
SW1(config)# ip access-list extended MATCH_ALL
SW1(config-exl-nacl)# permit ip any any
SW1(config)# vlan access-map HOST-A-B 10
SW1(config-access-map)# match ip address DENY-HTTP
SW1(config-access-map)# action drop
SW1(config)# vlan access-map HOST-A-B 20
SW1(config-access-map)# match ip address MATCH_ALL
SW1(config-access-map)# action forward
SW1(config)# vlan filter HOST-A-B vlan 10
Answer: B
Leave a Reply