Exam 300-410 topic 1 question 164 discussion

Answer is D: IPv6 access-class vs IPv6 traffic-filter The difference depends on whether you want to filter IPv6 traffic sent *to* the router or *through* the router. The 'ipv6 traffic-filter' command is used to filter IPv6 traffic flowing through an interface: Command reference (with example): http://www.cisco.com/en/US/docs/ios/ipv6/command/reference/ipv6_09.html#wp2297000 The 'ipv6 access-class' command is used to filter IPv6 traffic destined to the router (i.e. management traffic). Command reference (with example): http://www.cisco.com/en/US/docs/ios/ipv6/command/reference/ipv6_05.html#wp2274594

Simulated in a lab. It also can be applied to the vty with ipv6 access-class command. So, examine if the access-list applied via ipv6 access-class permit tcp traffic to port 23 (or 22 when ssh) from / to the desired IPs.

"While monitoring VTY access to a router' Its confusing but after reading if few times , it appears , acl needs to be applied on the VTY lines , therefore , option D suits the best otherwise for the interface , it will be option A

D is correct

Answer is D c) ipv6 traffic-filter -> it's used under the interface d) ipv6 access-class -> it's used under the VTY line

Both C and D works to filter telnet access but in this case the acl, INTERNET, is not only dealing with telnet traffic but http and hosts as well and so it has to be applied at the interface using ipv6 traffic-filter in. C is the correct answer

Both C and D works to filter telnet access but in this case the acl, INTERNET, is not only dealing with telnet traffic but http and hosts as well and so it has to be applied at the interface using ipv6 traffic-filter in. C is the correct answer

Answer is D: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-16/sec-data-acl-xe-16-book/ip6-acls-xe.html

How can so many people get it wrong? traffic-filter command is the ipv6 equivalent for ip access-group for applying access-list to an interface

This is being applied to the vty lines, so the answer is D

first, you should define ipv6 access-list in grobal configuration mode,and ipv6 traffic-filter is when you want to apply it in a interface, and when in conditio of a vty ,the command wull be access-list, the answer is D,given answer is correct

C is correct answer, the ipv6 access-list need to be applied on an interface using ip filter command

C is right,

This is the right command to apply to the interface.