Last Updated on August 1, 2021 by Admin 1
Which of the following IPv6 access list statements would permit SSH traffic from 2001:DB8:0:4::32 when applied to the VTY lines?
- permit ipv6 2001:DB3:0:5::/48 any eq ssh
- permit ipv6 2001:DB8:0:4::/64 any eq ssh
- permit ipv6 host 2001:DB8:0:4::32 any eq 23
- permit ipv6 2001:DE8:0:4:::/48 any eq 22
Explanation:
The only statement that would allow SSH traffic from 2001:DB8:0:4::32 is permit ipv6 2001:DB8:0:4::/64 any eq ssh. It would match because it specifies the 2001:DB8:0:4:: subnet as a result of the /64 prefix. With that prefix, traffic must match in the first four hextets. Since the address 2001:DB8:0:5::32 matches in the first four hextets, it is allowed.
The only statement that would allow SSH traffic from 2001:DB8:0:4::32 is permit ipv6 2001:DB8:0:4::/64 any eq ssh. It would match because it specifies the 2001:DB8:0:4:: subnet as a result of the /64 prefix. With that prefix, traffic must match in the first four hextets. Since the address 2001:DB8:0:5::32 matches in the first four hextets, it is allowed.
The statement permit ipv6 2001:DB3:0:5::/48 any eq ssh will not permit traffic from 2001:DB8:0:4::32. With a /48 subnet mask, the address must match in the first three hextets, and it does not do
Objective:
Infrastructure Security
Sub-Objective:
Configure and verify router security features
Subscribe
Login
0 Comments