Permitting SMTP to a single host with an extended ACL

Which ACL line correctly permits only SMTP (TCP port 25) traffic destined for host 1.1.1.1?

Difficulty: Easy

Correct Answer: access-list 110 permit tcp any host 1.1.1.1 eq smtp

Explanation:


Introduction / Context:
Extended ACLs can filter traffic based on Layer-3 and Layer-4 criteria such as protocol and port numbers. SMTP uses TCP port 25. To allow only SMTP traffic to a specific destination while denying other protocols by default, you write a precise extended ACL entry and apply it in the proper direction.


Given Data / Assumptions:

  • Destination host: 1.1.1.1.
  • Protocol/port: TCP port 25 (smtp).
  • Numbered extended ACL syntax is being used.


Concept / Approach:

The canonical extended ACL format is: access-list <100–199|2000–2699> {permit|deny} tcp <source> <destination> eq <port>. For “any” source to a single host using SMTP, that becomes access-list 110 permit tcp any host 1.1.1.1 eq smtp.


Step-by-Step Solution:

  • Select extended ACL range (110 is valid).
  • Specify protocol tcp.
  • Define source as any.
  • Define destination as host 1.1.1.1 and port eq smtp.
  • Apply appropriately (typically inbound on the target host’s subnet interface).


Verification / Alternative check:

After applying, verify counters with show access-lists 110 while generating SMTP test traffic and ensure other protocols are blocked by implicit deny if no other permits follow.
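The same check can be reasoned through offline. The following is an added example, not part of the original answer: a simplified first-match evaluator for the any / host / eq subset of numbered extended ACL syntax, with the implicit deny as the fall-through. The function names and the test packets (sender 192.0.2.10, a documentation address) are assumptions made for illustration.

```python
import ipaddress

PORT_NAMES = {"smtp": 25}  # keyword subset; the page uses "eq smtp" for TCP 25

def _addr(tok):
    """Consume 'any' or 'host A.B.C.D'; wildcard-mask form is left out of this sketch."""
    if tok[:1] == ["any"]:
        return None, tok[1:]
    if tok[:1] == ["host"] and len(tok) >= 2:
        return ipaddress.ip_address(tok[1]), tok[2:]
    raise ValueError("expected 'any' or 'host <ip>'")

def parse_ace(line):
    """Parse 'access-list N {permit|deny} PROTO SRC DST [eq PORT]'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list":
        raise ValueError("not an access-list line")
    num = int(tok[1])
    if not (100 <= num <= 199 or 2000 <= num <= 2699):
        raise ValueError(f"ACL {num} is not a numbered extended ACL")
    action, proto = tok[2], tok[3]
    if action not in ("permit", "deny") or proto not in ("ip", "tcp", "udp"):
        raise ValueError("unsupported action or protocol")
    src, rest = _addr(tok[4:])
    dst, rest = _addr(rest)
    port = None
    if rest:
        if proto == "ip" or len(rest) != 2 or rest[0] != "eq":
            raise ValueError("a port match needs tcp or udp and 'eq <port>'")
        port = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def evaluate(aces, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for a in aces:
        if a["proto"] not in ("ip", proto):
            continue
        if a["src"] not in (None, src) or a["dst"] not in (None, dst):
            continue
        if a["port"] is not None and a["port"] != dport:
            continue
        return a["action"]
    return "deny"  # implicit deny at the end of every ACL

ACL_110 = [parse_ace("access-list 110 permit tcp any host 1.1.1.1 eq smtp")]

if __name__ == "__main__":
    # Constructed test packets: (protocol, source, destination, destination port)
    for pkt in [("tcp", "192.0.2.10", "1.1.1.1", 25), ("tcp", "192.0.2.10", "1.1.1.1", 80),
                ("udp", "192.0.2.10", "1.1.1.1", 25), ("tcp", "192.0.2.10", "1.1.1.2", 25)]:
        print(pkt, "->", evaluate(ACL_110, *pkt))
```

Only the first packet is permitted; the wrong port, the UDP packet and the other destination all fall through to the implicit deny.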


Why Other Options Are Wrong:

  • Options A and C use ACL 10, which is a standard ACL number and cannot match ports.
  • Option B’s syntax is invalid: “ip smtp” is not a valid qualifier.
  • Option E uses UDP; SMTP relies on TCP, not UDP.


Common Pitfalls:

  • Applying the ACL in the wrong direction or at the wrong interface.
  • Forgetting that there is an implicit deny at the end of every ACL.


Final Answer:

access-list 110 permit tcp any host 1.1.1.1 eq smtp
