封禁ICMP协议,只转发212.78.170.166/27所在子网的所有站点的ICM数据包,正确的access-list配置是( )。

admin2015-08-20  27

问题 封禁ICMP协议,只转发212.78.170.166/27所在子网的所有站点的ICM数据包,正确的access-list配置是(    )。

选项 A、Router(config)#access-list 110 permit icmp 212.78.170.166 0.0.0.0 any
Router(config)#access-list 110 deny icmp any any
Router(config)#access-list 110 permit ip any any
B、Router(config)#access-list 110 permit icmp 212.78.170.0 255.255.255.224 any
Router(config)#access-list 110 permit ip any any
Router(config)#access-list 110 deny icmp any any
C、Router(config)#access-list 110 permit icmp 212.78.170.0 0.0.0.255 any
Router(config)#access-list 110 deny icmp any any
Router(config)#access-list 110 permit ip any any
D、Router(config)#access-list 110 permit icmp 212.78.170.160 0.0.0.31 any
Router(config)#access-list 110 deny icmp any any
Router(config)#access-list 110 permit ip any any

答案D

解析 封禁ICMP协议属于配置扩展访问控制列表,所以表号范围为100~199或2000~2699,格式为:access-list access-list.number{permitldeny}protocol source wildcard-mask destination wildcard-mask[operator][operand]。因为wildcard-mask为子网掩码的反码,所以根据以上描述,本题的正确答案为选项D。
转载请注明原文地址:https://jikaoti.com/ti/zp77FFFM
0

最新回复(0)