On a Cisco router interface, which command is used in interface configuration mode to apply an IP access list numbered 101 in the inbound direction?

Introduction / Context:
Defining an access control list is only the first step in controlling traffic on a Cisco router. To have any effect, the ACL must be applied to an interface in a specific direction. Cisco IOS uses the ip access-group command in interface configuration mode to bind a numbered or named IP ACL to that interface. This question checks your familiarity with the exact command syntax used to apply a list.

Given Data / Assumptions:

ACL number 101 has already been created in the global configuration.
You are in interface configuration mode, such as interface fastethernet0 slash 0.
You want to apply this ACL to filter incoming packets on that interface.
The command must be valid Cisco IOS syntax for IP ACL application.

Concept / Approach:
In Cisco IOS, the ip access-group command is used under an interface to apply an IP ACL. The format is ip access-group list-number in or ip access-group list-number out. The keyword in means the ACL will evaluate packets as they enter the interface, while out means as they exit. Other similar looking phrases, such as ip access-list or access-group ip, are used in different contexts or are simply invalid.

Step-by-Step Solution:
Recognise that the context is interface configuration mode, not global ACL definition mode. Recall the correct IOS syntax: ip access-group followed by the ACL number and direction. Because the requirement is to filter traffic inbound, the command must end with in. The correct pattern is therefore ip access-group 101 in. Compare this with the options and see that option c exactly matches the correct syntax.

Verification / Alternative check:
If you configure ip access-group 101 in on an interface and then run show ip interface for that interface, you will see a line such as Inbound access list is 101, confirming that the command correctly attached the ACL. Removing the command with no ip access-group 101 in will clear that binding, which further validates the command usage.

Why Other Options Are Wrong:
Option a, ip access-list 101 out, resembles the global configuration mode used to create a named ACL and also uses out instead of the required in; it is not the correct interface subcommand.
Option b, access-list ip 101 in, reverses the keyword order and is not a valid Cisco IOS command.
Option d, access-group ip 101 in, again misorders the keywords and does not match supported syntax.
Option e, ip access-group 101 outbound, invents the word outbound instead of the valid keyword out and is not accepted by IOS.

Common Pitfalls:
A common mistake is to confuse ip access-list, which starts the definition of a named ACL, with ip access-group, which applies a list to an interface. Another pitfall is forgetting to specify the correct direction, leading to an ACL that appears configured but does not actually filter the traffic path you expect. Always double check whether you need in or out based on traffic flow diagrams.

Final Answer:
To apply ACL 101 inbound on an interface, you use ip access-group 101 in.