封禁ICMP协议,只转发212.78.170.166/27所在子网的所有站点的ICM数据包,正确的access-list配置是( )。

admin2022-10-08  50

问题 封禁ICMP协议,只转发212.78.170.166/27所在子网的所有站点的ICM数据包,正确的access-list配置是(    )。

选项 A、Router(config)#access-list 110 permit icmp 212.78.170.166 0.0.0.0 any
   Router(config)#access-list 110 deny icmp any any
   Router(config)#access-list 110 permit ip any any
B、Router(config)#access-list 110 permit icmp 212.78.170.0 255.255.255.224 any
   Router(config)#access-list 110 permit ip any any
   Router(config)#access-list 110 deny icmp any any
C、Router(config)#access-list 110 permit icmp 212.78.170.0 0.0.0.255 any
   Router(config)#access-list 110 deny icmp any any
   Router(config)#access-list 110 permit ip any any
D、Router(config)#access-list 110 permit icmp 212.78.170.160 0.0.0.31 any
   Router(config)#access-list 110 deny icmp any any
   Router(config)#access-list 110 permit ip any any

答案D

解析 封禁ICMP协议属于配置扩展访问控制列表,所以表号范围为100~199或2000~2699,格式为:access-list access-list-number {permit|deny} protocol source wildcard-mask destination wildcard-mask [operator] [operand]。因为wildcard-mask为子网掩码的反码,所以根据以上描述,本题的正确答案为选项D)。
转载请注明原文地址:https://kaotiyun.com/show/9TKZ777K
0

最新回复(0)