350-501 Question #392: Real Exam Question with Answer & Explanation

The correct answer is B: RX(config)#access-list 150 permit tcp any gt 1024 10.0.0.0 0.0.0.255 eq 639.

Networking

Question

Refer to the exhibit. The engineering team wants to limit control traffic on router RX with the following IP address assignments:

  • Accepted traffic for router: 10.0.0.0/24
  • NOC users IP allocation: 192.168.10.0/24

Which additional configuration must be applied to RX to apply the policy for MSDP?

Options

  • A. RX(config)#access-list 151 permit tcp any gt 1024 10.10.0.0 0.0.0.255 eq 639
  • B. RX(config)#access-list 150 permit tcp any gt 1024 10.0.0.0 0.0.0.255 eq 639
  • C. RX(config)#access-list 151 permit tcp any 10.0.0.0 0.0.0.255 eq 639
  • D. RX(config)#access-list 150 permit tcp any 10.0.0.0 0.0.0.255 eq 639

Explanation

To limit MSDP control traffic to a specific router subnet (10.0.0.0/24) with standard client ephemeral source ports, an extended access list must permit TCP traffic from any source with high-numbered source ports to the destination network on MSDP's well-known TCP port 639.

Common mistakes.

  • A. This option is incorrect because it specifies the destination network as 10.10.0.0/24, which does not match the required 10.0.0.0/24 subnet for accepted router traffic.
  • C. This option is incorrect because it omits the gt 1024 keyword for the source port, which is commonly used to match client ephemeral ports and is implied when control traffic must be limited precisely.
  • D. This option is incorrect because it omits the gt 1024 keyword for the source port, which is commonly used to match client ephemeral ports and is implied when control traffic must be limited precisely.

Concept tested. Extended ACL configuration for control plane traffic

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-16/sec-data-acl-xe-16-book/sec-extended-ip-acls.html

Topics

#Access Control Lists, #MSDP, #Multicast Routing, #Control Plane Security
