Helping You Pass Your CCNA Exams

New CCNA Access List Exam.


This is an updated real CCNA exam question (Nov. 2013). You might see different IP addressing, port allocation and configurations.

As usual, take time to read through the question so that you clearly understand what Cisco wants you to do.

Note: This ACL lab is used for demonstration only; you will see slightly different IP addressing and port allocation in the real CCNA exam. But it all works the same way if you can grasp the technique.

I suggest you use packet tracer for practice.



An administrator is trying to ping and telnet from Switch to Router with the results shown below:


You need to click the console (PC) connected to the router and issue the appropriate commands to answer the questions. In this case, use the show running-config command to view the configuration and answer all the questions below.

Note: the essence of this question is to test your ability to focus on details. In troubleshooting networks, a single wrong number, letter or character can cause disruptions on a network. In the real exam, you might see different IP Addressing and configuration.
You will come across a display like the one below:

Question 1:

Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?

A - Correctly assign an IP address to interface fa0/1
B - Change the ip access-group command on fa0/0 from "in" to "out"
C - Remove access-group 106 in from interface fa0/0 and add access-group 115 in
D - Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E - Remove access-group 106 in from interface fa0/0 and add access-group 104 in


Answer: E



Take time to focus on the access-list 104 lines copied from above:

Look at the 3rd line, which denies all telnet traffic, and the 4th line, which allows icmp traffic to be sent. A careful look at the output above shows that access list 104 is applied in the inbound direction, so the 5th line, "access-list 104 deny icmp any any echo-reply", won't have any effect on the icmp traffic, because the "echo-reply" message will be sent in the outbound direction.
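The reasoning above can be checked with a small first-match evaluator. This is an added example, not part of the original exam material: ACL_104 is constructed from the description of lines 3 to 5 only (lines 1 and 2 are not described and are left out), and the exact form of each entry, including "echo" on line 4, is an assumption.

```python
# Added illustration: first-match evaluation of an inbound ACL.
# ACL_104 is constructed from the page's description of lines 3-5 only;
# lines 1-2 are not described there and are left out. Entry syntax is assumed.
ACL_104 = [
    # (line, action, protocol, tcp_dst_port, icmp_type)
    (3, "deny",   "tcp",  23,   None),          # telnet
    (4, "permit", "icmp", None, "echo"),        # ping request (assumed form)
    (5, "deny",   "icmp", None, "echo-reply"),
]

def evaluate(acl, pkt):
    """Return (action, line) of the first matching entry, else implicit deny."""
    for line, action, proto, port, icmp_type in acl:
        if proto != pkt["proto"]:
            continue
        if port is not None and port != pkt.get("dport"):
            continue
        if icmp_type is not None and icmp_type != pkt.get("icmp_type"):
            continue
        return action, line
    return "deny", None  # implicit "deny any" that ends every IOS ACL

def switch_to_router(acl_in):
    """Traffic the switch sends arrives inbound on fa0/0 and is filtered there.
    The router's echo-reply leaves outbound, so the inbound list never sees it."""
    ping = evaluate(acl_in, {"proto": "icmp", "icmp_type": "echo"})
    telnet = evaluate(acl_in, {"proto": "tcp", "dport": 23})
    return {"ping": ping, "telnet": telnet}

if __name__ == "__main__":
    print(switch_to_router(ACL_104))
    # Line 5 only matters for an echo-reply that arrives inbound,
    # i.e. the answer to a ping the router itself sent out.
    print(evaluate(ACL_104, {"proto": "icmp", "icmp_type": "echo-reply"}))
```
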

Question 2:

What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?

A - Attempts to telnet to the router would fail
B - It would allow all traffic from the network
C - IP traffic would be passed through the interface but TCP and UDP traffic would not
D - Routing protocol updates for the network would not be accepted from the fa0/0 interface

Answer: B


According to the output of access-list 114 displayed above:

"access-list 114 permit ip any" confirms that this access list configuration permits all traffic (ip) from the network.

Question 3:

What would be the effect of issuing the command access-group 115 in on the s0/0/1 interface?

A - No host could connect to Router through s0/0/1
B - Telnet and ping would work but routing updates would fail.
C - FTP, FTP-DATA, echo, and www would work but telnet would fail
D - Only traffic from the network would pass through the interface

Answer: A


Check the configuration on interface S0/0/1 from the display above:

By default, only one access list is accepted on an interface, so applying the command "ip access-group 115 in" on the interface (s0/0/1) will overwrite the previously configured "access-list 102 in", denying access from any host.




Copyright  2012. Orbitco-Computer-Solutions.Com. All rights reserved.  
