柠檬试题库
search
首页 计算机 公务员 驾照 关于

在一台Cisco路由器上封禁ICMP协议,只允许215.192.40.16/28和202.204.28.0/24子网的ICMP数据包通过路由器,下列正确的access-list配置是()


  • A.Router (config)#access-list 100 permit icmp 215.192.40.16 255.255.255.240 any Router (config)#access-list 100 permit icmp 202.204.28.0 255.255.255.0 any Router (config)#access-list 100 deny icmp any any Router (config)#access-list 100 permit ip any any Router (config)#
  • B.Router (config)#access-list 98 permit icmp 215.192.40.16 0.0.0.15 any Router (config)#access-list 98 permit icmp 202.204.28.0 0.0.0.255 any Router (config)#access-list 98 deny icmp any any Router (config)#access-list 98 permit ip any any Router (config)#
  • C.Router (config)#access-list 198 permit icmp 215.192.40.16 0.0.0.15 any Router (config)#access-list 198 permit icmp 202.204.28.0 0.0.0.255 any Router (config)#access-list 198 deny icmp any any Router (config)#access-list 198 permit ip any any Router (config)#
  • D.Router (config)#access-list 198 permit icmp 215.192.40.16 0.0.0.15 any Router (config)#access-list 198 permit icmp 202.204.28.0 0.0.0.255 any Router (config)#access-list 198 permit ip any any Router (config)#access-list 198 deny icmp any any Router (config)#
热度🔥179
参考答案:C
解析:

全局配置模式:Router (config)#accesslist any 禁止其他ICMP:Router (config)#accesslist 198 deny icmp any any 允许IP包通过:Router (config)#accesslist 198 permit ip any any 配置应用接口:Router (config)#interface <接口名> Router (configif)#ip accessgroup 此外,禁封ICMP协议为扩展访问控制命令;IP扩展访问控制列表表号范围为100~199、2000~2699;wildcard_mask为通配符,也即子网掩码的反码。deny icmp any any要在permit ip any any之前,因为执行了permit any any后,不再执行其后续的命令。因此,C选项正确。
复制题目向AI提问