Last Updated on July 31, 2021 by Admin 1
Examine the exhibit.
The router labeled “B” has been configured by using the following configuration commands:
RouterB(config)# router eigrp 100 RouterB(config-router)# network 10.0.0.0 RouterB(config-router)# distribute-list 10 in bri 0 RouterB(config)# access-list 10 deny 11.11.0.0 0.0.255.255 RouterB(config)# access-list 10 permit any
Which statement best describes the effects of this configuration?
- Only network 11.11.0.0 will be advertised to routers A and C.
- Advertisements received by router A will include router D networks.
- Advertisements to router C will not include the router D and E networks.
- Traffic from network 11.11.0.0 hosts will be discarded because of ACL 10.
The router will scan the access list specified by a distribute list. If a match to a permit statement is found, the route entry is permitted; if a match is found to a deny statement, the route is discarded. In this question, the permit statement in ACL 10 provides a permit match to all routes advertised from router D except for network 11.11.0.0.Distribute lists are used to filter inbound, outbound, or redistributed routing updates. Instead of using the passive-interface command, distribute lists enable you to selectively control which routes are processed.If a distribute list is associated with an interface, the routing update is compared to the access list that was specified in the distribute list. If a match is found to a permit statement, then the packet is forwarded. If a match is found to a deny statement, the packet is discarded. If no match is found, the implicit deny statement at the end of the access list will drop the packet. For example, if the access list in the above example were missing the line access-list 10 permit any, all updates would be denied, not just the one specified by the deny statement.If no distribute list is associated with the interface, the routing update packets are processed as normal.Distribute lists can reference multiple access lists if required to obtain the desired result. For example, examine the following configuration from a partial output of show run:router eigrp
distribute-list 2 out ethernet 0
distribute-list 1 out
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 2 permit 10.0.1.0 0.0.0.255
By using two access lists and two distribute lists, you accomplish the following:
- Only routes matching 10.0.0.0/8 will be advertised out interfaces other than E0
- Only routes matching 10.0.1.0/24 will be advertised out E0
Network 11.11.0.0 will not be the only network advertised to routers A and C. In this question, the permit statement in ACL 10 provides a permit match to all routes advertised from router D except for network 11.11.0.0.
The option advertisements to Router C will not include the router D and E networks is incorrect because although the 11.11.0.0/16 network will be denied, any other networks attached to either Router C or Router D will be permitted.
Traffic from network 11.11.0.0 hosts will NOT be discarded because of ACL 10. If the access list were applied to the interface with the access-group command instead of the distribute-list command, this would be the case, but a distribute list blocks routing updates, not normal traffic.
Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify filtering with any protocol