In AOS 10, which session-based ACL below will only allow ping from any wired station to wireless clients but will not allow ping from wireless clients to wired stations? The wired host ingress traffic arrives on a trusted port.

A. ip access-list session pingFromWired any user any permit

B. ip access-list session pingFromWired user any svc-icmp deny any any svc-icmp permit

C. ip access-list session pingFromWired any any svc-icmp permit user any svc-icmp deny

D. ip access-list session pingFromWired any any svc-icmp deny any user svc-icmp permit

Answer: B

Explanation:

A. ip access-list session pingFromWired any user any permit

This will allow all traffic from any source to wireless clients (user). Not what we want.

B. ip access-list session pingFromWired user any svc-icmp deny any any svc-icmp permit

The first rule denies ICMP (ping) from wireless clients (user) to any destination.

The second rule permits ICMP from any source to any destination. However, since the deny rule is processed first, pings from wireless clients will be blocked.

This option looks correct based on the rules provided.

C. ip access-list session pingFromWired any any svc-icmp permit user any svc-icmp deny

The first rule permits ICMP from any source to any destination. This includes wireless clients pinging wired stations.

The second rule denies ICMP from wireless clients to any destination. However, since it comes after the permit rule, it will never be processed.

This doesn’t match the desired behavior.

D. ip access-list session pingFromWired any any svc-icmp deny any user svc-icmp permit

The first rule denies ICMP from any source to any destination. Since this is the first rule, it will block all ICMP traffic.

This option will not allow the desired behavior.

Given the explanations above, the correct answer is:

B. ip access-list session pingFromWired user any svc-icmp deny any any svc-icmp permit
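
The rule-order reasoning above can be checked with a small first-match evaluator. This is an added example, not AOS code or output: it assumes a simplified model in which `user` matches wireless clients only, unmatched traffic is implicitly denied, and only the packet that starts a flow is evaluated. The host kind `wired` and the non-ICMP sample service `svc-http` are chosen for the example.

```python
# Added example: simplified first-match model of the four candidate ACLs.
# Assumptions: "user" matches wireless clients only, "any" matches everything,
# unmatched traffic is implicitly denied, and only the packet that starts a
# flow is evaluated (session state and return traffic are not modeled).
ACLS = {
    "A": [("any", "user", "any", "permit")],
    "B": [("user", "any", "svc-icmp", "deny"),
          ("any", "any", "svc-icmp", "permit")],
    "C": [("any", "any", "svc-icmp", "permit"),
          ("user", "any", "svc-icmp", "deny")],
    "D": [("any", "any", "svc-icmp", "deny"),
          ("any", "user", "svc-icmp", "permit")],
}

def covers(rule_value, value):
    """True when a rule field ("any" or a specific name) matches a value."""
    return rule_value == "any" or rule_value == value

def evaluate(rules, src, dst, service):
    """Return (action, 1-based index of the first matching rule or None)."""
    for index, (r_src, r_dst, r_svc, action) in enumerate(rules, start=1):
        if covers(r_src, src) and covers(r_dst, dst) and covers(r_svc, service):
            return action, index
    return "deny", None  # implicit deny (assumption of this model)

def shadowed(rules):
    """1-based indexes of rules fully covered by an earlier rule."""
    hits = []
    for j, later in enumerate(rules):
        if any(all(covers(e, l) for e, l in zip(earlier[:3], later[:3]))
               for earlier in rules[:j]):
            hits.append(j + 1)
    return hits

def meets_requirement(rules):
    """Wired-to-wireless ping only: nothing else in this sample may pass."""
    return (evaluate(rules, "wired", "user", "svc-icmp")[0] == "permit"
            and evaluate(rules, "user", "wired", "svc-icmp")[0] == "deny"
            and evaluate(rules, "wired", "user", "svc-http")[0] == "deny")

if __name__ == "__main__":
    for name, rules in ACLS.items():
        print(name,
              "wired->user ping:", evaluate(rules, "wired", "user", "svc-icmp"),
              "user->wired ping:", evaluate(rules, "user", "wired", "svc-icmp"),
              "shadowed rules:", shadowed(rules),
              "meets requirement:", meets_requirement(rules))
```

The `shadowed` helper flags the second rule in options C and D, which is the "will never be processed" case described in the explanation.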
