CCNA Access List Sim 2
Question
A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.
The task is to create and apply a numberd access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.
All passwords have been temporarily set to “cisco”.
The Core connection uses an IP address of 198.18.196.65
The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 – 192.168.33.254
Host A 192.168.33.1
Host B 192.168.33.2
Host C 192.168.33.3
Host D 192.168.33.4
The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30
The Finance Web Server is assigned an IP address of 172.22.242.23.
The Public Web Server is assigned an IP address of 172.22.242.17
Answer and Explanation
(Note: If you are not sure how to use access-list, please check out my access-list tutorial at: http://www.9tut.com/access-list-tutorial, also some modifications about the access-list have been reported so you should read the “Some modifications” section at the end of this question to understand more. You can also download this sim to practice (open with Packet Tracer) here: http://www.9tut.com/download/9tut.com_Access-list_sim2.pkt
Corp1>enable (you may enter “cisco” as it passwords here)
We should create an access-list and apply it to the interface which is connected to the Server LAN because it can filter out traffic from both Sw-2 and Core networks. The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so we can guess the interface connected to them has an IP address of 172.22.242.30 (.30 is the number shown in the figure). Use the “show running-config” command to check which interface has the IP address of 172.22.242.30.
Corp1#show running-config
We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. It is the interface we will apply our access-list (for outbound direction).
Corp1#configure terminal
Our access-list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23 via web (port 80)
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
Deny other hosts access to the Finance Web Server via web
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
All other traffic is permitted
Corp1(config)#access-list 100 permit ip any any
Apply this access-list to Fa0/1 interface (outbound direction)
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from both the LAN and the Core networks. If we apply access list to the inbound interface we can only filter traffic from the LAN network.
In the real exam, just click on host C and open its web browser. In the address box type http://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If your configuration is correct then you can access it.
Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Server from these hosts.
Finally, save the configuration
Corp1(config-if)#end
Corp1#copy running-config startup-config
(This configuration only prevents hosts from accessing Finance Web Server via web but if this server supports other traffic – like FTP, SMTP… then other hosts can access it, too.)
Notice: In the real exam, you might be asked to allow other host (A, B or D) to access the Finance Web Server so please read the requirement carefully.
Some modifications:
| permit host B from accessing finance server | access-list 100 permit ip host 192.168.33.2 host 172.22.242.23 |
| deny host B from accessing the OTHER server (not the whole network) | access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 |
| permit everything else | permit ip any any |
| Only allow Host C to to access the financial server | access-list 100 permit ip host 192.168.33.3 host 172.22.242.23 |
| Not allow anyone else in any way communicate with the financial server | access-list 100 deny ip any host 172.22.242.23 |
| Allow all other traffic | permit ip any any |
| - Host C should be able to use a web browser(HTTP)to access the Finance Web Server | access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 |
| - Other types of access from host C to the Finance Web Server should be blocked – All access from hosts in the Core or local LAN to the Finance Web Server should be blocked |
access-list 100 deny ip any host 172.22.242.23 (because the requirement says we can not use more than 3 statements so we have to use “any” here for the hosts in the Core and hosts in local LAN) |
| - All hosts in the Core and local LAN should be able to access the Public Web Server * | access-list 100 permit ip any host <IP of Public Web Server> (If the question asks this, surely it has to give you the IP of Public Web Server) but in the exam you should use “access-list 100 permit ip any any” |
| Host C should be able to use a web browser to access the financial web server | access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 |
| Other types of access from host C to the finance web server should be blocked | access-list 100 deny ip host 192.168.33.3 host 172.22.242.23 |
| All hosts in the core and on the local LAN should be able to access the Public web server * | access-list 100 permit ip any host <IP of Public Web Server> (The IP of Public Web Server will surely be given in this question) but in the exam you should use “access-list 100 permit ip any any” |
* There are some reports about the command of “All hosts in the core and on the local LAN should be able to access the Public web server” saying that the correct command should be “access-list 100 permit ip any any”, not “access-list 100 permit ip any host (IP of Public Web Server)”. Although I believe the second command is better but maybe you should use the first command “access-list 100 permit ip any any” instead as some reports said they got 100% when using this command (even if the question gives you the IP address of Public Web Server). It is a bug in this sim.
(Note: Don’t forget to apply this access list to the suitable interface or you will lose points
interface fa0/1
ip access-group 100 out
And in the exam, they may slightly change the requirements, for example host A, host B instead of host C… so make sure you read the requirement carefully and use the access-list correctly)
I created this sim in Packet Tracer v5.2.1 so you can practice with it. You will need new version of Packet Tracer to open it (v5.1+).
Download this sim here
Notice: After typing the commands above, if you make a “ping” from other hosts (PC0, PC1, PC3) then PC4 (Finance Web Server) can still reply because we just filter HTTP traffic, not ICMP traffic. To generate HTTP traffic, select “Web Browser” in the “Desktop” tab of these PCs. When a web browser opens, type the IP address of Finance Web Server and you can see how traffic flows in Simulation Mode.
And notice that in the initial configuration of this sim the Core network can ping Finance Web Server. We have to create an access-list that can filter this traffic too.
Other lab-sims on this site:
CCNA Configuration SIM Question (RIPv2 SIM)
Hello Guys,
Can anyone please send me the latest dump at rhtd_main@yahoo.com…thanks!
Can anyone please send me the latest dump at maxamillion.2005@gmail.com …thanks!
The .30 in the diagram, is that in the real exam?
Thanks
HI all,
Could you please send latest dumps on nirajdhamangave@gamil.com
Thanks!
I guess that you should be awarded by some thesis service for your really good research just about this topic. Not lots of people can compose the same high quality thesis statement.
QCK reference for first timers:
=====================
960/1000 , total 45+3 sims questions, done on 5.1.2011
100% of this dump is valid – was in test (had 5 easy new questions)
SIMs: exact as on 9tut.com with slight differences
ACL2 -> allow only host A to connect to web server
VTP -> 5 questions from 9tut, except one regarding VTP revision on switch X was LOWER
EIGRP -> AS with different number #22, and i removed one route from core router which
did not affect funcionality but was additional thus not needed
time for test: 90 min for native speakers, 120 for non-english speaking countries.
Thank you so much 9tut and collisio dump from examcollection.com
The .30 which is in the diagram will that be in the exam?
Thanks
Thanks 9tut, i passed today with 986 score, I’m so grateful for you guys, The exam was so easy, don’t be afraid.
watch out from Access List Sim 2 LAB.
@Nabil and aRCy
In this sim ACL2 was the .30 shown in the figure in the exam?
Cheers
Mike
A really delightful idea just about this. Study and don’t forget – if you have to work and study at the same time, there are old pros who are ready to benefit you with your essays when you under time burden. I’d recomend in this case the most loyal amongs thesis writing service where you can barter for custom content.
@ anonymous
yes, .30 was show in the fig. just show run and you will see the related interface,
But in my exam the question come like this:
1- Host C should be able to use a web browser(HTTP)to access the Finance Web Server access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
2- Other types of access from host C to the Finance Web Server should be blocked
3– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked access-list 100 deny ip any host 172.22.242.23
watch the no. 3 requirement cause it’s tricky one
regards,
@Nabil
Yeah i know the 3 requirements, just wanted to make sure the .30 was shown in the exam. Also what exam questions did you use, im using pass4sure?
Thanks
Stop polluting the site with useless comments like please send me dumps WTF , find it yourself! ffs
@ anonymous
not at all
I also used Pass4sure (valid copy)
Good luck
@ 9tut.com
the information we found in your site is so useful and helpful, but comments for people like send me dump must me removed as i think
regards
Today i passed the CCNA exam with score of 867. I had EIGRP,ACL2, And some small Lab with 5 questions. Thank you 9tut for helping me pass it !
Thank you.
@Nabil nr 2 requirement ?
1st : access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
2nd:
3rd: access-list 100 deny ip any host 172.22.242.23
Anybody knows if the autocomplete for commands and the help with ?, works in the sims in the exam? i think this is very important, because you dont have to learn the commands by heart.
please, im have the exam next week and i need to know.
thanks
@boyi: sorry i didnt check that thing today, but the tab key works. In my opinion, you should learn by heart, just configure some labs by your own then all the commands will be remembered automatically.
Sim Labs: EIGRP, ACL2, and VTP orderly in the exam for today.
Thank 9tut, xallax and all of you to discuss valuable questions here.
In my report today, somehow just has 50% on ACL sim lab even thought I had checked carefully on 4PCs after configuration. They had worked as intended which PC1 can be able to get to Financial Web, and 3 others one can not. Have no idea.
Can any one say how can i access the command in real exam??
passed the test with 947 marks ALHAMDULILLAH.
-ACL Sim —>same as 9tut.Must practice modifications also.
-VTP sim —>5 ques all from 9tut.
-EIGRP —>AS 12. the router names are different.
BEST of luck.
@kashif
in the acl2 which 3 statements did you get?
Cheers
Hi all, Thanks 9tut, cleared CCNA yesterday. SIM are EIGRP,acl2 and VTP almost same. with small change in eigrp. Dumps are still valid.
Changes are:-
In EIGRP there was no routing on main router(which is connected to ISP)
Rest are almost same.All the best for all.
Thanks
@Aquil
In the acl2 which 3 statements did you get?
Thanks
HI all,
Could you please send latest dumps on kanwaramir70@gamil.com
Thanks………..!
tomorow my exam
pls dima dima dumps valid?
Hi,
Any one can please send me dumps or exam helping material. i am going to appear in ccna exam in coming week. Thank You
Send me latest dumps at syedabuhanzalah@gmail.com
Thank You
i am currently using packet tracer 5.3.2 i applied the above access list and when i accessed web page of finance server on host c i got the “Server Reset Connection” error please tell me how to fix it
do somebody witnessed during exam such error ??
replaced the finance server with a generic server and problem, solved
I had trouble with ACL2 sim. during the simulation, when i entered “copy running-config startup-config” the statement “ip access-group 101 in” in fa0/0 was not being appended to startup config. the ACL declaration were available in both startup and running config, but the inbound statement in fa0/0 could be seen in the running config and not in the startup config; no matter how many times i ran “copy running-config startup-config” It was frustrating.
what about the new dumps thats r available in pass4sure any 1 can explain and the last time the command of “no router eigrp ” is not working as its working now
Any one plz send me the latest dump. I m using 486 dump. I m going to attempt CCNA exam on 20th Jan. plz send me the latest dump on jonsm_k@yahoo.com
hey guys,
I will be taking my CCNA Exam on 30th Jan. Can someone kindly send me the latest dump on cillahwangui@gmail.com
Thanks.
what are all 3 statement in ACL ?
please send me latest dumps I am taking exam on jan 26th johncallaghan1100@yahoo.ie
I take the test sunday wish me luck i swear i been on this sight everyday for the past month. I read the lamelle book which was helpful for a general understanding but this website really helps for understanding with all tutorials and explanations…. thank 9tut wish me the best…
here’s the config to allow host C .3 access Finance web server .23
Corp1#config t
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
Corp1(config)#access-list 100 permit ip any any
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#copy running-config startup-config
hi guys! if you follow the correct command for the last example explained by 9tut: “access-list 100 permit ip any host (IP of Public Web Server)” and it turned out that there’s really a bug, how much points do you think will be lost? just want to be cautious coz wat if this has been fixed. anyone encountered this again on recent exams?
hi all could some one help me with the latest dumps for ccna pleeeaaasseee i havve my exams in less than a week now and i really need to take the dumps… thanks to you all . lots of love
hi all could some one help me with the latest dumps for ccna pleeeaaasseee i havve my exams in less than a week now and i really need to take the dumps… thanks to you all . lots of love here is my address nlt101kl213@yahoo.com
Lionel hit the books and don’t worry about dumps.
i write tomorrow
I just took a test not to long ago, i didnt pass. ( i lost $250)Now i’m so happy, i just found this website. the real test look almost the same what i see in here.
If you have a update , please email to me bill2me69@yahoo.com
I will take a test again. If i pass the ccna . I will do something really nice to you, just like what you did to me. Thanks
* There are some reports about the command of “All hosts in the core and on the local LAN should be able to access the Public web server” saying that the correct command should be “access-list 100 permit ip any any”, not “access-list 100 permit ip any host (IP of Public Web Server)”. Although I believe the second command is better but maybe you should use the first command “access-list 100 permit ip any any” instead as some reports said they got 100% when using this command (even if the question gives you the IP address of Public Web Server). It is a bug in this sim.
Regarding this statement, I believe that access-list 100 permit ip any any is the better/correct statement because, althought not explicitly stated that it is needed in the problem, this will not prevent hosts from requesting service from the DNS server.
Permit ip any host PUBLIC_WEB_SERVER_IP does suffice for accomplishing the needed task of allowing all hosts to access the public web server. But it also will block them from getting service from the DNS server. Any thoughts?
i passed my CCNA exam yesterday.see you CCNP
I’ll take the exam tomorrow
I’m stunned by how little knowledge some people demonstrate here.
There’s no way to be a great professional if you don’t really understand basics concepts.
Use wisely those labs and don’t just memorize all questions… Remember: network requires lots of pratice and experience above all. First and foremost, an CCNA it’s just a formal paper for your employer!
Hi: i have a exam on 26/1/12, Is any one explain me about format of ccna exam and how they marking the paper…thanks
Plz tell me about the exam access list problem thats the come at last of config- (copy run-config startup-config)if any1 done the exam in these days Best of luck to all exam holder
@All would you like to please send me the latest dumps i have exam within ten days
xgoldy4u@yahoo.com
hi everyone !
I took ccna exam yesterday but failed with 793 marks, most of the questions were from acme(collisio) dumps and labs were EIGRP,ACL2,VTP same as 9tut, but i still failed because i took it easy, badluck :(
neway now i am planning to retake my exam in next month and i wanna ask that do cisco change their exam for retakers ?? can i relly on dumps and 9tut (for labs) again ??
or exam procedure, questions and labs will be new ?? please help
my exam was also on 23rd 9:am this was my 2nd chance i took 930 marks
Hi ,
what does ‘server reset connection’ mean?….,really to me i think it means that u have access to d serve via d web using d appropriate host.Do you really think this statement denote some kind of error in d connection to d server?Do we need to replace d server?…
Hi, Im planning to take my CCNA in 30th January, Im Very thankful if Anyone can mail me latest dumps and simulators,
naath2012@gmail.com
thanks
@jan
I took ccna exam yesterday but failed with 793 marks, most of the questions were from acme(collisio) dumps and labs were EIGRP,ACL2,VTP same as 9tut, but i still failed because i took it easy, badluck :(
neway now i am planning to retake my exam in next month and i wanna ask that do cisco change their exam for retakers ?? can i relly on dumps and 9tut (for labs) again ??
or exam procedure, questions and labs will be new ?? please help
Thanks for the sim
something’s wrong with the packet tracer sim, i thought i was setting up my access lists wrong. I couldn’t ping the public web server (provided the actual exam says we should be able to access the public server and dns servers with any host/router normally) because the ip address of it ends with .3, also notice the other server they tried to put a .30 in it which is the fa 0/1 interface of the router we’re configuring, resulting for it not to have an ip address.
the ip addressing set on that lan is /28, so the hosts ip should be between 17 and 30.
so if you’re downloading this sim correct the ip addressing first.
@mark, thanks ! in real exam is the same ?
Assalam-o-Alaikum
Passed CCNA yesterday 23rd Jan with 986.
Acme Collisio dumps are good and you can use DHARANI too but for new questions but trust Acme Collisio for the old questions because some questions in DHARANI (the old ones) are not right.
Got 48 questions in total 45 MCQs and 3 SIMS (VTP, ACL-2, EIGRP)
in VTP there were some changes but the SIMS were same so if you have learned the sims not crammed no need to worry :)
1. For Q4 the answer was Sw-AC3 because it was the root bridge
2. For Q6 the answer was Sw-Ac3(locally) because it was updated locally
3. For Q7 the answer was C because the revision number on Sw-Ac3 was higher than on SwX
For ACL-2 the requirements were:
1. Permit Host A access to Financial web server(FWS): access-list 100 permit tcp host 192.168.22.1 host 172.22.200.17 eq 80
2. Deny Host A and All other hosts access to FWS services: access-list 100 deny ip any host 172.22.200.17
3. Permit all other hosts access to Public Web Server(PWS): access-list 100 permit ip any any
The ip addresses were almost like the one’s is wrote but I’m not exactly but not the case because they will be changed so just keep in mind the scenario.
For EIGRP.
1. The Main Router was Perimeter.
2. The other Router was Interior.
Just configure the routers like its done here and you will be fine. Just remember to test the connectivity of all the router among themselves no need to worry about ISP router no configuration for that.
Thanks 9tut and ExamCollection and Pass4sure.
Best of luck to you all :)
Hi guys a question from a newbie,
Practicing the Modification number 3, I realized I don’t really need three statement to archive the goal, I’m using the below statement:
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq www
access-list 100 permit ip any host 172.22.242.17
(Explicit Deny ALL)
Do I going to lose point if I use two statement?
Thanks in advance
Regards
hi 9tut. i would just like to verify if this set of commands works well in exam?
R1(config)#do sh acc
Extended IP access list 100
permit tcp host 192.168.33.3 host 172.22.242.24 eq www (5 match(es))
deny tcp 192.168.33.0 0.0.0.255 host 172.22.242.24 eq www (24 match(es))
permit ip any any (3 match(es))
*I Tried it and I believe it works the same way. thanks.
TRIGUN, it’s not right because the Core network will have access to the Finance Server. You have to restrict that network.
“allow ONLY host C web access to the Finance Web Server”
@TRIGUN
Your line 2 is incomplete…..or wrong…….
You are restricting the 192………….IPs, and permitting 198…………….IP.
The instruction is no one from the CORE nor LAN should be able to use Web Browser to access FWS.
@trigun
access-list 100 deny tcp any host 172.22.242.23 eq 80 (second line) if you put yours, you will only deny hosts on 192.168.33.0/24, but permit hosts from the core (198 network), but with this line, deny tcp ANY you will deny both
hi guys, like i assumed – the exam asks you to block all other accesses from all other networks to the finance server. check the modification section in this page
it orders u that only c can get to finance using http. pings from c should not work (though u have no access to cmd in the exam!)
i suggest to download the sim here and configure it as necessary like my post above.
also – you cannot ping there using the core lan u will only have http access to C and the other hosts (i used B for testing). to verify if you have the correct answers in the exam, use c to http to finance (should work), use b to do same (should be blocked). then you would have to assume that the pings from all other networks doesn’t work. so make sure 2nd line of your access list is solid.
don’t forget to copy run start!
@mark
what lines did u use?
@ mark i think the statement will be
access-list 100 permit tcp host x.x.x.x host y.y.y.y eq 80 (use C to http to finnance)
access-list 100 deny tcp host x.x.x.x host y.y.y.y eq 80 (deny b to finance)
access-list 100 deny ip any any (deny all pings)
It’s correct mark ?
@9tut
The CCNA access sim 2 question is not able to be opened in packet tracer after downloading. It is not a valid packet tracer file is the reply I’m getting from the computer. when attempted to practice it. please help me……………
Hi
I’ve had 3rd modification today, I did as you wrote. I got 976 so it is ok. Thanks for help
Hi all
congrats Carter, Please could you tell me how many simulation coming in exam?….i have exam on 26/1/12 !!!!!!!
Hi; how many questions coming in ccna exam ?
@mark, need some clarifications please help – ciscolikesme@gmail.com
@stigmata
thanks, i had 3: vtp, acl2, eigrp. Questions all from colisio, mayby 1, 2 new. Good luck tomorow :)
Can any one send me details on how to use GNS3. Plz i just can’t get it running like Packet Tracer. My e-mail: nissy357@yahoo.com
@ adi yep good.
ciscolikesme – post ur question here
I was having 640-802 on 31 october 2011 , and that was one of the overall 3 sims i got on the exam .
@mark, so i understand good. Your requirements was
permit host a www access to finance
deny host b www access to finance
deny all pings from lan and core
Hi guys, am taking my exam on 4th February, can someone send collisio to my mail, please. spyadmin.bonny@nlng.com or nsikaksolomon@yahoo.com Thanks a million.
Hi guys, jus a simple comment: The reason why we need to use the command: ip access-list 100 permit any andy instead of ip access-list 100 permit hsot 172.22.242.17 is cause using the last one we’re going to block all traffic to the DNS Server (unknown IP).
Hope this information help
Regard
Hi , i wrote the exam today. i got 947. All the questions were from this dump only. Collisio486 is 100 percent valid. And the simulation was from 9tut. Access list sim2, eigrp, vtp. Thank god and friends who share the comments.
many thanks to those who created this dump.All the best.
@9tut
Just a quick question.
What is the difference of using eq 80 AND eq http?
I am asking this because http uses port 80 and hence to me is one and the same thing. However the answer given herein says eq 80.
Please help. Thanks
@9tut
I am getting confused with ACLs. When you talk of an outbound or inbound traffic, what exactly do you mean?
In our case on this sim, if acl is applied on fa0/0, it can only filter traffic from that LAN and not from the core as explained. Does this mean we can not have traffic from the core to the public server? Please help
@Mark and @adi and @Aerodsliza..
Sum1 please answer this question..In ACL2…..can we do WEB ACCESS to the PC as a SERVER?
->I when I am using PC as a Finance Web server then its showing server reset connection
whereas when using the generic server it successfully works( as in the web access happens
nicely)..Please help me out guys…any1..!
@Ngoroko:
+ eq 80 and eq http are the same. There is no difference.
+ When packets go inside the router, we call it inbound traffic. When packets go out of the router, we call it outbound traffic. Just imagine each interface is a “door” on the router. Traffic from the Core to the public server just needs to go through serial “door” (inbound) and goes out of interface f0/1 (outbound) without passing f0/0 so we can’t place an acl on that “door” to monitor the Core traffic. If we want to filter traffic from the Core traffic we must place an acl on the serial interface or the f0/1 interface.
Hi, has anybody used the geethanjali dump 669q, ive been using mostly that dump, but here in the forum, i keep reading about the collision dump, that dump is from september i guess, so should i stick with the geethanjali dump or switch to collision, have the exam on 31 jan by the way
Jonathan ,what about your exam?????
took my exam today…got 762/1000… :(
in accesslist lab:
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 did not work…shocked but the othr commands for denying and permitting any any worked….
in eigrp:
show running-config did not show the original eigrp number or ip address..showed no service stamp smething…shocked..
in vtp sim:
show mac address-table,show cdp neighbours,show cdp neighbours detail,show running config did not wrk…again shocked……..but show vlan,show vtp status,show interface trunk worked….
im confused…..hve anybdy had such experience….?? :o :o
^anonymous, it won’t work by itself. you need to apply it to the router with an ip access group command.
@ani when the simulator says server access connection that means you can http into the finance server, your setting is then correct (if it’s host c). in the exam it will give a more clrearer message, something like you can access it using http.
@adi if you’re following the actual exam question your 2nd line should be access-list 100 deny any host y.y.y.y
lol i missed the “ip” – access-list 100 deny ip any host y.y.y.y
i don’t understand exactly what you want write there, ur english :)
permit tcp host x.x.x.x host y.y.y.y eq 80 (permit host A to connect finance through http)
deny ip any host y.y.y.y ( deny hosts from lan and core to access other services on finance)
permit ip any any (permit hosts to connect to public server)
it’s an example, this is what u want to say above ?
@furqan, what about my exam, its tomorrow, can some one answer me please, if the geethanjali dump is any good, or should i stick to collision
@jonathan dude ,i think y0u sh0uld 0nly see Collisio486 dumps because every0ne here in 9tut rec0mend these dumps .must tell me ab0ut y0ur exam because my exam is als0 0n next m0nday and d0nt f0rget t0 learn 3 sim.acls,eigrp & vtp because i see many views here and every0ne said that they have these 3 labs.best of luck !!!!!!!!!!!!
@furqan thanks man!! will do, i think its a little late for me since i ve spend almost all my final days of preparation studying the other dump, but i have reviewed a lot of question from this site, hope that covers it, any way i think ive grasp the concept of the sims, the only thing that worries me is that a friend who took the exam a little while back said the autocompletion and ? doesnt work dont know if its in some countries or is some bug, i’ll post tomorrow, fingers crossed.
By the grace of GOD, I have got 1000/1000 in CCNA at 27th January. The labs were EIGRP,ACL2,VTP with minor changes like AS Nos., IP,s etc.
Thanks 9tut, ACME 486 collissio.
02 Questions out of course from 486 q.
for any query can contact me: +923009762037
@m asim hameed you give exam in lahore?????
I passed today, still valid dump, like everybody, I also had ACL2, EIGRP, VTP with slight changes.
@ stefan how much questions were out 0f dumps?????and from which portion???
@mark
ya i gave ip access-group commands also for the interfaces….oly tht acces-list permit line did not wrk…its sayin invalid cmd..smething…..