Question

You have configured ACLs on your router. A partial configuration for the router is shown below:

hostname RouterA
!
interface FastEthernet0/0
ip address
speed auto
duplex auto
!
interface FastEthernet0/1
ip address
speed auto
duplex auto
!
interface Serial0/1/0
ip address
encapsulation ppp
ip access-group 107 in
!
access-list 107 deny ip any
access-list 107 deny ip any
!

You want to block any traffic received on S0/1/0 that has a source address that appears to be coming from the two internal networks. However, you find that no traffic is being accepted on the S0/1/0 interface.

What should you do?

Answer 1

To block traffic with a source address from the internal networks on the S0/1/0 interface, modify the access list to include permit statements for the internal networks before the deny statements.

Step-by-step explanation:

To block any traffic received on the S0/1/0 interface with a source address from the two internal networks, you need to modify the access list. Currently, the access list is only denying all IP traffic. You need to add permit statements for the internal networks before the deny statements. Here's an example:

1. 
   
3. access-list 107 deny ip any
4. 
   
6. access-list 107 permit ip source1 source2 any

In the above configuration, replace source1 and source2 with the IP addresses or ranges of the internal networks.

After making this modification, ensure that the access list is applied correctly to the interface using the ip access-group 107 in command.