Cisco 200-125 Exam
Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?
- A. Correctly assign an IP address to interface fa0/1.
- B. Change the ip access-group command on fa0/0 from “in* to “our.
- C. Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
- D. Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
- E. Remove access-group 106 in from interface fa0/0 and add access-group 104 in.
Answer: Option E.
Let’s have a look at the access list 104:The question does not ask about ftp traffic so we don’t care about the two first lines. The 3rd line denies all telnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the access list 104 is applied on the inbound direction so the 5th line “access-list 104 deny icmp any any echo-reply” will not affect our icmp traffic because the “echo-reply” message will be sent over the outbound direction.