Difficulty: Medium
Correct Answer: access-list 110 permit tcp any host 1.1.1.1 eq smtp
Explanation:
Introduction / Context:
This question focuses on extended access control list (ACL) configuration syntax on Cisco routers. In particular, it tests whether you know how to match Simple Mail Transfer Protocol (SMTP) traffic, which runs over the Transmission Control Protocol (TCP), destined for a specific host. Being able to build correct ACL entries is essential for controlling which applications are allowed toward key servers on a network edge or inside a demilitarized zone.
Given Data / Assumptions:
- We are working on a Cisco router that supports numbered extended access lists such as 110.
- The goal is to permit SMTP mail traffic which uses TCP port 25 by default.
- Only traffic destined to host 1.1.1.1 should match the permit entry, and the source can be any address.
- We assume later commands such as interface ACL application are configured correctly and are not part of this question.
Concept / Approach:
An extended ACL line on a Cisco router must specify the protocol, source, destination, and optional port information. SMTP runs over TCP, not over the User Datagram Protocol (UDP), so the correct protocol keyword is tcp. To allow traffic from any source address to a single destination host, we must use the any keyword for the source and the host keyword for the destination address. Finally, we must specify the well-known destination port using the eq smtp or eq 25 syntax.
Step-by-Step Solution:
Step 1: Identify the correct ACL type. We need an extended ACL so a typical number such as 110 is appropriate.
Step 2: Choose the protocol keyword that matches SMTP, which is tcp because SMTP uses TCP port 25.
Step 3: Decide on the source parameters. The requirement allows any source, so the keyword any is used.
Step 4: Decide on the destination. Only host 1.1.1.1 should be matched, so we use host 1.1.1.1.
Step 5: Finally specify that only SMTP traffic is allowed by appending eq smtp to the Access Control Entry.
Verification / Alternative check:
You can mentally verify the chosen command by reading it in plain language. The command access-list 110 permit tcp any host 1.1.1.1 eq smtp can be read as permit all TCP traffic from any source to destination host 1.1.1.1 when the destination port equals SMTP. This exactly matches the textual requirement. Any option that omits tcp, omits the destination host keyword, or uses the wrong list number would not reflect the given scenario accurately.
Why Other Options Are Wrong:
The line access-list 10 permit smtp host 1.1.1.1 is invalid because 10 is a standard ACL number and cannot match on ports, and smtp is not a valid protocol keyword in that context. The option access-list 110 permit ip any host 1.1.1.1 eq smtp uses ip instead of tcp, which is not correct when matching a specific transport-layer port. The command access-list 10 permit tcp any host 1.1.1.1 eq smtp again uses a standard ACL number. The option using udp any host 1.1.1.1 eq smtp is wrong because SMTP is not a UDP-based protocol.
Common Pitfalls:
Many learners confuse standard and extended ACL ranges and mistakenly try to use a standard list to filter on ports. Others choose the ip keyword when they want to match any protocol and forget that port-based matching only works for tcp or udp. Another classic mistake is reversing the any and host keywords, which would restrict the source incorrectly instead of the destination server. Being precise with ACL syntax is critical to avoid unintentional blocking or permitting of traffic.
Final Answer:
The correct command is access-list 110 permit tcp any host 1.1.1.1 eq smtp.
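The checks from the step-by-step solution and the pitfalls above can be run mechanically over the candidate lines. The following Python sketch is an added example, not part of the original question or of any Cisco tool; the function names check_ace and take_addr are hypothetical, the grammar is simplified to the any and host address forms, and the last candidate line is constructed to show the reversed any/host pitfall.

```python
# Added example: checks candidate ACL lines against this question's requirement.
# Simplified grammar: only 'any' and 'host A.B.C.D' address forms are parsed.
EXTENDED_RANGES = [(100, 199), (2000, 2699)]   # numbered extended ACL ranges
PORT_NAMES = {"smtp": "25"}                    # only the keyword used on this page

def take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; return (address or None, remaining tokens)."""
    if tokens[:1] == ["any"]:
        return "any", tokens[1:]
    if tokens[:1] == ["host"] and len(tokens) > 1:
        return tokens[1], tokens[2:]
    return None, tokens

def check_ace(line, dst_host="1.1.1.1", port="25"):
    """Return a list of problems; an empty list means the line fits the requirement."""
    t = line.split()
    if len(t) < 4 or t[0] != "access-list" or not t[1].isdigit():
        return ["not a numbered access-list line"]
    num, action, proto, rest = int(t[1]), t[2], t[3], t[4:]
    problems = []
    if not any(lo <= num <= hi for lo, hi in EXTENDED_RANGES):
        problems.append(f"list {num} is not an extended ACL number")
    if action != "permit":
        problems.append("action must be permit")
    if proto not in ("tcp", "udp", "ip"):
        return problems + [f"protocol '{proto}' is not tcp, udp or ip"]
    src, rest = take_addr(rest)
    dst, rest = take_addr(rest)
    if src != "any":
        problems.append("source must be 'any'")
    if dst != dst_host:
        problems.append(f"destination must be 'host {dst_host}'")
    if len(rest) != 2 or rest[0] != "eq":
        problems.append("missing 'eq <port>'")
    elif proto == "ip":
        problems.append("port matching needs tcp or udp, not ip")
    elif proto == "udp":
        problems.append("SMTP runs over TCP, not UDP")
    elif PORT_NAMES.get(rest[1], rest[1]) != port:
        problems.append(f"port {rest[1]} is not SMTP ({port})")
    return problems

CANDIDATES = [
    "access-list 110 permit tcp any host 1.1.1.1 eq smtp",
    "access-list 10 permit smtp host 1.1.1.1",
    "access-list 110 permit ip any host 1.1.1.1 eq smtp",
    "access-list 10 permit tcp any host 1.1.1.1 eq smtp",
    "access-list 110 permit tcp host 1.1.1.1 any eq smtp",  # constructed: reversed any/host
]
if __name__ == "__main__":
    for c in CANDIDATES:
        print(c, "->", check_ace(c) or "OK")
```

Only the first candidate returns an empty problem list; each of the others reports the reason given in the explanation above.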