An Extended IPv4 Access Control List (ACL) is created to block Telnet traffic (TCP port 23) from a specific subnet (192.168.1.0/24) to a server (10.0.0.10). Which interface and direction (inbound/outbound) is the most effective and efficient place to apply this ACL on a router connecting these segments?
The most effective and efficient place to apply this Extended IPv4 Access Control List is on the router interface connected to the 192.168.1.0/24 subnet, applied in the inbound direction.

An Extended IPv4 Access Control List is a sequential set of rules that filters network traffic based on multiple criteria, including source IP address, destination IP address, protocol type, and port numbers. In this specific scenario, the goal is to block Telnet traffic, which uses TCP port 23, originating from the 192.168.1.0/24 subnet and destined for the server at 10.0.0.10.

To achieve maximum effectiveness and efficiency, an Extended ACL should be placed as close to the source of the traffic as possible. The source of the traffic to be blocked is the 192.168.1.0/24 subnet. Therefore, the appropriate interface is the one on the router that directly connects to this subnet. The direction of application should be inbound, meaning the ACL processes packets as they enter that router interface from the 192.168.1.0/24 network. This ensures that the unwanted Telnet traffic is filtered and dropped immediately upon ingress into the router, before it consumes any further router processing resources or network bandwidth on the path towards the 10.0.0.10 server. Applying the ACL in this manner prevents the router from wasting resources routing traffic that will ultimately be denied, thereby optimizing network performance and resource utilization.

If the ACL were applied closer to the destination, such as outbound on the interface connected to the 10.0.0.10 server's segment, the Telnet traffic would still traverse the router's internal fabric and consume processing power before being discarded, which is less efficient.
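
The placement described above, written out as an added example in Cisco IOS syntax (not part of the original answer). The ACL name BLOCK-TELNET and the interface GigabitEthernet0/0 are assumptions; substitute the interface that actually faces the 192.168.1.0/24 subnet.

```cisco
! Added example; the ACL name and interface name are assumptions.
ip access-list extended BLOCK-TELNET
 ! Deny Telnet (TCP/23) from the 192.168.1.0/24 subnet to the server only
 deny tcp 192.168.1.0 0.0.0.255 host 10.0.0.10 eq 23
 ! Every ACL ends with an implicit "deny ip any any"; without this line
 ! all other traffic entering from the subnet would be dropped as well
 permit ip any any
!
! Assumed to be the router interface connected to 192.168.1.0/24
interface GigabitEthernet0/0
 ! Inbound: packets are filtered on entry, before the routing lookup
 ip access-group BLOCK-TELNET in
!
! Verify from privileged EXEC mode. The match counter on the deny entry
! should increase when a host in the subnet attempts Telnet to 10.0.0.10:
!   show access-lists BLOCK-TELNET
!   show ip interface GigabitEthernet0/0
```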