200-101 · Question #186
A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on networks 192.168.146.0, 192.168.147.0, 192.168.148.0, and 192.168.149.0 only. Which two ACL statements, wh
The correct answer is A. access-list 10 permit ip 192.168.146.0 0.0.1.255 C. access-list 10 permit ip 192.168.148.0 0.0.1.255. Option A uses wildcard mask 0.0.1.255 on 192.168.146.0, which matches the range 192.168.146.0–192.168.147.255, covering both the .146.0 and .147.0 networks. Option C uses the same wildcard on 192.168.148.0, matching 192.168.148.0–192.168.149.255, covering both .148.0 and .149.0.
Question
Options
- Aaccess-list 10 permit ip 192.168.146.0 0.0.1.255
- Baccess-list 10 permit ip 192.168.147.0 0.0.255.255
- Caccess-list 10 permit ip 192.168.148.0 0.0.1.255
- Daccess-list 10 permit ip 192.168.149.0 0.0.255.255
- Eaccess-list 10 permit ip 192.168.146.0 0.0.255.0
- Faccess-list 10 permit ip 192.168.146.0 255.255.255.0
How the community answered
(27 responses)- A85% (23)
- B4% (1)
- D4% (1)
- E7% (2)
Explanation
Option A uses wildcard mask 0.0.1.255 on 192.168.146.0, which matches the range 192.168.146.0–192.168.147.255, covering both the .146.0 and .147.0 networks. Option C uses the same wildcard on 192.168.148.0, matching 192.168.148.0–192.168.149.255, covering both .148.0 and .149.0. Together, these two statements precisely cover all four required networks. Option B's wildcard (0.0.255.255) is far too broad, matching all of 192.168.0.0/16. Option D has the same problem. Option E's wildcard (0.0.255.0) is non-contiguous and would produce unintended matches. Option F incorrectly uses a subnet mask (255.255.255.0) instead of a wildcard mask.
Topics
Community Discussion
No community discussion yet for this question.