Denying Telnet to a specific destination network Which extended ACL line denies all Telnet (TCP port 23) traffic <em>to</em> the 192.168.10.0/24 network while leaving other traffic unaffected?

Introduction / Context:
Extended IPv4 ACLs can filter based on protocol and ports with precise source and destination fields. To block Telnet to a destination network, you must set the source to any, the destination to the target subnet with a wildcard mask, the protocol to TCP, and the destination port to 23 (telnet).

Given Data / Assumptions:

• Target destination network: 192.168.10.0/24.
• Traffic to block: Telnet (TCP 23).
• Using a numbered extended ACL (100 range).

Concept / Approach:

Correct format: access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23. This denies Telnet sessions to any host in that /24. Place appropriate permit statements after it to allow desired traffic and avoid implicit deny of all else.

Step-by-Step Solution:

Verification / Alternative check:

Attempt a Telnet connection to any host in 192.168.10.0/24; the ACL counter should increment and the session should fail, while other protocols succeed if permitted later in the ACL.

Why Other Options Are Wrong:

• Option A uses a subnet mask instead of a wildcard and reverses fields.
• Option B has an invalid wildcard.
• Option D omits the protocol keyword and reverses positions.
• Option E uses ACL 10 (standard), which cannot match ports.

Common Pitfalls:

• Forgetting that ACLs end with an implicit deny; add permits as needed.
• Reversing source and destination fields.

Final Answer:

access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23