A-A+
定义一个用于封禁ICMP协议而只允许转发166.129.130.0/24子网的ICMP数据包
问题详情
定义一个用于封禁ICMP协议而只允许转发166.129.130.0/24子网的ICMP数据包的访问控制列表,Cisco路由器的正确配置是______。
A.access-list 198permit icmp 166.129.130.0 255.255.255.0 anyaccess-list 198 deny icmp any any access-list 1 98 permit ip any any
B.access-list 198 permit icrnp 166.129.130.0 0.0.0 255 anyaccess-list 198 deny icmp any any access-list 198 permit ip any any
C.access-list 99 permit icrnp 166.129.130.0 0.0.0 255 any access-list 9 9 deny icrnp any any access-list 99 permit ip any any
D.access-list 100 permit icrnp 166.129.130.0 0.0.0 255 any access-list 100 permit ip any any access-list 1 00 deny icmp any any请帮忙给出正确答案和分析,谢谢!
参考答案
正确答案:C
解析:标准访问控制列表标号为1~100,100以上为扩展控制列表,排除A,B,而D先执行access-list 100 permit ip any any,那么所有的IP地址都不封禁,后面的将不执行,D项错误,选C项。
