Allowing only HTTP into a destination subnet

Which access list permits only HTTP traffic into the 196.15.7.0/24 network (all other protocols are blocked by implicit deny)?

Difficulty: Medium

Correct Answer: access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www

Explanation:


Introduction / Context:
To allow only HTTP into a subnet, create a single extended ACL line that permits TCP port 80 to the destination network and rely on the implicit deny to block everything else. Extended ACLs provide the required Layer-4 match capability via port numbers (such as www for 80).


Given Data / Assumptions:

  • Destination network: 196.15.7.0/24.
  • Desired traffic: HTTP (TCP port 80, alias www).
  • ACL will be applied so that it filters traffic entering that subnet.


Concept / Approach:

The correct extended ACL entry is: access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www. Because an ACL ends with an implicit deny ip any any, other protocols (HTTPS, FTP, ICMP, etc.) will be blocked unless explicitly permitted by additional lines.


Step-by-Step Solution:

  • Choose the extended ACL number range (100).
  • Use tcp as the protocol.
  • Set the source to any.
  • Set the destination to 196.15.7.0 0.0.0.255.
  • Specify eq www (TCP port 80).


Verification / Alternative check:

Generate HTTP traffic to a host in the subnet and confirm that the match counter for that entry in show access-lists 100 increments. Then send non-HTTP traffic (for example HTTPS or ICMP) to the same host and confirm it is dropped by the implicit deny.
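As an added example (not part of the original question or answer), the following Python evaluator applies the ACL line above to constructed packets, showing the wildcard-mask match and the trailing implicit deny; the port-alias table and the packet tuple are assumptions made for this illustration.

```python
"""Toy evaluator for a Cisco-style extended ACL (added example, not from the page)."""
import ipaddress

# Subset of named TCP ports accepted by the ACL syntax (assumed for this example).
PORT_ALIASES = {"www": 80, "ftp": 21, "telnet": 23, "smtp": 25}

# The entry from the answer, plus an extra line used only to show that
# additional protocols must be permitted explicitly.
ACL_HTTP_ONLY = ["access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www"]
ACL_HTTP_HTTPS = ACL_HTTP_ONLY + ["access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq 443"]


def _match_addr(spec, wildcard, addr):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    if spec == "any":
        return True
    spec_i = int(ipaddress.IPv4Address(spec))
    wild_i = int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(addr)) | wild_i) == (spec_i | wild_i)


def parse_ace(line):
    """Parse 'access-list N permit|deny proto src [wc] dst [wc] [eq port]'."""
    tok = line.split()
    ace = {"action": tok[2], "proto": tok[3], "dport": None}
    i = 4
    for side in ("src", "dst"):
        if tok[i] == "any":
            ace[side], i = ("any", None), i + 1
        elif tok[i] == "host":          # 'host A.B.C.D' is shorthand for wildcard 0.0.0.0
            ace[side], i = (tok[i + 1], "0.0.0.0"), i + 2
        else:
            ace[side], i = (tok[i], tok[i + 1]), i + 2
    if i < len(tok) and tok[i] == "eq":
        p = tok[i + 1]
        ace["dport"] = PORT_ALIASES[p] if p in PORT_ALIASES else int(p)
    return ace


def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return 'permit' or 'deny' for one packet, first match wins."""
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] not in ("ip", proto):
            continue
        if not _match_addr(*ace["src"], src) or not _match_addr(*ace["dst"], dst):
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"]
    return "deny"  # implicit 'deny ip any any' at the end of every ACL
```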


Why Other Options Are Wrong:

  • Option B uses a standard ACL number and attempts to match ports, which is invalid.
  • Option C omits the protocol and source; invalid syntax.
  • Option D permits all IP protocols, defeating the goal of “only HTTP.”
  • Option E uses a non-existent protocol keyword “www” in place of tcp … eq www.


Common Pitfalls:

  • Forgetting that implicit deny blocks all other traffic; add explicit permits as needed.
  • Applying the ACL in the wrong direction or at the wrong hop (best practice is to place extended ACLs as close to the source as possible).


Final Answer:

access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www
