Referring to a single host in ACL syntax: Which statements are valid ways to match only the single host 172.16.30.55 in a Cisco IP access list?

Difficulty: Easy

Correct Answer: host 172.16.30.55

Explanation:


Introduction / Context:
ACL entries can match a single IP address using two common forms: a special keyword form and a wildcard form. Choosing the most readable and least error-prone syntax helps keep ACLs understandable during audits and troubleshooting.



Given Data / Assumptions:

  • We want to match exactly one host: 172.16.30.55.
  • We are writing Cisco IOS ACL entries.
  • Either named or numbered ACLs are acceptable; the matching syntax is the same.


Concept / Approach:

The canonical single-host forms are either host 172.16.30.55 or 172.16.30.55 0.0.0.0. Both match only the specified IP. Wider wildcards like 0.0.0.255 match a whole /24 and are not single-host matches. Tokens like any or misplaced keywords are not valid as part of a host match operand in standard ACL address fields.



Step-by-Step Solution:

  • Identify allowed single-host forms: host A.B.C.D and A.B.C.D 0.0.0.0
  • Select the most readable: host 172.16.30.55
  • Use it in a full ACE: access-list 10 permit host 172.16.30.55


Verification / Alternative check:

Test with a simulator or device: traffic from 172.16.30.55 matches; 172.16.30.54 does not. Substituting 0.0.0.0 as the wildcard yields identical behavior.



Why Other Options Are Wrong:

Option C matches an entire /24 (not a single host).

Options D and E misuse keywords and are not valid host-only operands in standard address positions.



Common Pitfalls:

Accidentally using 0.0.0.255 when you meant 0.0.0.0; mixing extended ACL syntax fields with standard ACL address operands; forgetting that ACLs end with an implicit deny.
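
The verification step and the pitfalls above can be checked offline with a small model of standard ACL matching. This is an added example, not part of the original question or any Cisco tooling; the function names and the one-line ACLs are constructed for illustration, and it assumes only the three operand forms `host A.B.C.D`, `A.B.C.D W.W.W.W` and `any`.

```python
import ipaddress

def parse_operand(tokens):
    """Return (address, wildcard) as 32-bit ints for a standard-ACL source operand."""
    if tokens == ["any"]:
        return 0, 0xFFFFFFFF
    if len(tokens) == 2 and tokens[0] == "host":
        return int(ipaddress.IPv4Address(tokens[1])), 0
    if len(tokens) == 2:
        return tuple(int(ipaddress.IPv4Address(t)) for t in tokens)
    raise ValueError(f"unsupported operand: {' '.join(tokens)!r}")

def parse_ace(line):
    """Parse 'access-list <number> permit|deny <operand>' into (action, addr, wildcard)."""
    parts = line.split()
    if len(parts) < 4 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACE: {line!r}")
    return (parts[2], *parse_operand(parts[3:]))

def addresses_matched(wildcard):
    """Each 1 bit in the wildcard is a don't-care bit, doubling the match set."""
    return 1 << bin(wildcard).count("1")

def evaluate(acl_lines, source):
    """First matching ACE decides; no match falls through to the implicit deny."""
    src = int(ipaddress.IPv4Address(source))
    for line in acl_lines:
        action, addr, wild = parse_ace(line)
        care = ~wild & 0xFFFFFFFF  # bits that must be equal
        if (src & care) == (addr & care):
            return action
    return "deny"

# Constructed one-line ACLs: the two single-host forms and the /24 pitfall.
ACLS = {
    "host keyword": ["access-list 10 permit host 172.16.30.55"],
    "wildcard 0.0.0.0": ["access-list 10 permit 172.16.30.55 0.0.0.0"],
    "wildcard 0.0.0.255": ["access-list 10 permit 172.16.30.55 0.0.0.255"],
}

if __name__ == "__main__":
    probes = ("172.16.30.55", "172.16.30.54", "172.16.31.1")
    for name, acl in ACLS.items():
        _, _, wild = parse_ace(acl[0])
        results = {ip: evaluate(acl, ip) for ip in probes}
        print(f"{name:20} matches {addresses_matched(wild):3} address(es): {results}")
```

Running the same count over every permit entry in an exported ACL is a quick audit check for entries that were meant to be single-host but match 256 addresses.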



Final Answer:

host 172.16.30.55
