Refer to the exhibit. PC-2 failed to establish a Telnet connection to the Terminal Server. Which solution allows PC-2 to establish the Telnet connection?
The rule with sequence 20 that denies Telnet traffic from any host to the Terminal Server, while permitting traffic from PC-2 to the Terminal Server, is not effective. Therefore, creating a new permit rule with a lower sequence number than 20 would be the best solution.
A is the correct answer.
sequence 10 permits PC-1 to reach the server on "www"
sequence 20 denies all Telnet to server: deny tcp "any" to "host 2018:DB1:A:C::1 eq telnet"),
sequence 30 is blocked by sequence 20 so this rule will never be hit: "permit host 2018:DB1:A:B::2" to host "host 2018:DB1:A:C::1 eq telnet"
the answer is to add a rule before sequence 20 that allows telnet to the server. sequence 30 is a good rule but it is in the wrong place, being covered by sequence 20.
Correct answer is A. When you input an ACE entry that matches what's already there, it will not add. Proved it by labbing. Also from cisco under section - Sequence Numbering Behavior:
"If you enter an entry that matches an already existing entry (except for the sequence number), then no changes are made."
Link:https://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-2mt/sec-acl-seq-num.html#GUID-15B01A19-C401-4C70-84AA-5DF6C8EF133C
Just tested it with ipv4 and ipv6 access-list. When you apply the exact same entry with a different sequence, nothing changes. The access-list keeps only the old entry. So answers B,C,D are wrong since they make no difference. Answer A is correct since despite the fact that it adds the same entry as the other answers (and changes nothing) it removes the telnet-deny-entry ( no sequence 20), hence telnet is permitted.
Please check IP Access List Entry Sequence Numbering:
https://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-2mt/sec-acl-seq-num.html
A lot of extra text printed in a bunch.
But in general, everything is simple. It is necessary to remove the 20th line or allow telnet from the server before it.
Router(config-ipv6-acl)#no sequence ?
<1-4294967294> Sequence number for this entry
there is no seq command
But why remove seq 20 ,just add to seq 15 , So C
Sorry but I have to disagree. An IPv6 access-list does have the "no sequence #" option available. What does not work is trying to re-sequence a line without first removing it with the "no" command. Therefore A is the only viable answer here as it legally removes the deny statement blocking telnet. The second command to re-sequence sequence 30 will be accepted by the router but will have no effect. I have tested this all just now on a live ASR.
C is most likely answer although A would work as well. There's no need to remove sequence 20 if a permit statement is added before it though which C does.
This section is not available anymore. Please use the main Exam Page.300-135 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
tio1
Highly Voted 5 years, 6 months agoMIi2604
Highly Voted 5 years, 7 months agoKZM
Most Recent 11 months, 3 weeks agorob899
1 year, 7 months agoasans
3 years agoSpyrous
3 years, 1 month agoSpyrous
3 years, 1 month agowts
3 years, 1 month agowts
3 years, 2 months agogndrx78
3 years, 4 months agoRexChen
3 years, 4 months agochaospikes
5 years, 2 months agoJoe812
5 years, 3 months agoMknighttime
5 years, 3 months agoSk123456789
5 years, 3 months agoth0rstenb0
5 years, 3 months agopen08
5 years, 4 months agoPenn
5 years, 4 months agoFiss
5 years, 6 months ago