Cisco Exam Questions

Which commands will prevent the local router from advertising the 139.10.0.0 network out of the Ethe

admin

Which commands will prevent the local router from advertising the 139.10.0.0 network out of the Ethernet 0/0 interface, while allowing all other networks to be advertised?

A.
RouterA(config)router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config-router)# distribute-list 10 out e0/0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any

B.
RouterA(config)router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config-router)# distribute-list 10 in e0/0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any
C.
RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config-router)# access-group 10 out e0/0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any
D.
RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any
RouterA(config)# interface e0/0
RouterA(config-if)# access-group 10 out

Explanation:
The following command set will prevent the local router from advertising the 139.10.0.0 network out of the Ethernet 0/0 interface, while allowing all other networks to be advertised:

RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config-router)# distribute-list 10 out e0/0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any

The distribute-list command allows you to apply a basic access list to a routing process. Just like applying an access list to an interface, when you apply it to a routing process, the permit statements determine what networks may be advertised out the interface. The deny statements determine what networks are not allowed to be advertised out the interface. Instead of applying the access list to an interface, you use the distribute-list command in router configuration mode to apply it to the particular routing process. By specifying an interface and a direction (in or out) in the distribute-list command, you can indicate where the advertisements will be blocked and in what direction.

Keep in mind that when applied this way, the access list does not affect what data traffic passes through the interface. It only affects what networks that the routing protocol will advertise. In the scenario here, RIP will not send advertisements for the 139.10.0.0 network out Ethernet 0/0, but traffic coming from or going to that network is still allowed through the interface in either direction unless there is an access list applied to the interface that will block it.

Conversely, if you applied an access-list to the interface that blocked traffic to or from the 139.10.0.0 network, but permitted all other traffic, it would not stop the routing updates about the 139.10.0.0 from passing through.

Note: The last command in the sequence, RouterA(config)#access-list 10 permit any, is VERY important. If that line is missing, any route not specified with an allow statement will be denied. For example, if you wanted to only allow one network to be advertised, you could configure an allow statement for that network and leave off the permit any parameter. It would block all advertisements with the exception of the one specified by the allow statement.

The following command set is incorrect because the distribute list is applied inbound, which would prevent the reception of updates concerning the 139.10.0.0/16 but would not prevent them from being advertised:

RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config-router)# distribute-list 10 in e0/0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any

The following command set is incorrect because it applies an access list to the interface instead of a distribute list. The effect would be to block all traffic for that network, but allow routing updates:

RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config-router)# access-group 10 out e0/0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any

The following command set is incorrect because it also applies an access list instead of a distribute list, this time incoming instead of outgoing:

RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any
RouterA(config)# interface e0/0
RouterA(config-if)# access-group 10 out

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify filtering with any protocol