ip access-group 5 in

access-list 5 permit 10.7.0.0 0.0.0.31

access-class 5 in

access-list standard VTY

permit 10.7.0.0 0.0.0.127

The access list has been applied to an interface.

A network administrator would not be able to tell if the access list has been applied to an interface or not.

Any device on the 10.1.1.0/24 network (except the 10.1.1.2 device) can telnet to the router that has the IP address 10.1.1.1 assigned.

Any device can telnet to the 10.1.2.1 device.

The 10.1.2.1 device is not allowed to telnet to the 10.1.2.2 device.

show access-lists

show ip ssh​

show running-config

show ip interface brief

access-list 101 permit tcp any eq 4300

access-list 101 permit tcp host 192.168.30.10 eq 80 10.1.0.0 0.0.255.255 eq 4300

access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 4300 192.168.30.0 0.0.0.15 eq www

access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.30.10 0.0.0.0 eq www

The ACL must be applied to each vty line individually.

Apply the ACL to the vty lines without the in or out option required when applying ACLs to interfaces.

The ACL is applied to the Telnet port with the ip access-group command.

The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port.

any TCP traffic from any host to the 172.16.0.0 network

SSH traffic from the 172.16.0.0 network to any destination network

SSH traffic from any source network to the 172.16.0.0 network

any TCP traffic from the 172.16.0.0 network to any destination network

Users on the 192.168.10.0/24 network are not allowed to transmit traffic to any other destination.

The only traffic denied is ICMP-based traffic. All other traffic is allowed.

The only traffic denied is echo-replies sourced from the 192.168.10.0/24 network. All other traffic is allowed.

No traffic will be allowed outbound on the serial interface.