Discover how an ACL on Aruba CX 6400 switches impacts HTTPS traffic from a client to a destination IP address outside the permitted subnet range.
Question
The example ACL is used with Aruba CX 6400 switches to permit traffic to web servers configured on interface 1/1/1 inbound with IP 10.254.4.1/24:
access-list ip ACL_web_server
    10 permit tcp any 10.254.0.0/22 eq 443
    20 permit tcp any 10.254.0.0/22 eq 80
    30 permit udp any any eq 67
    40 permit udp any any eq 68
    50 permit udp any any eq 53
    60 permit icmp any 10.254.0.0/22
How does this ACL affect the HTTPS traffic to destination 10.254.4.7 from a client 10.253.1.5 via interface 1/1/2 with IP 10.254.3.1/24?
A. The implicit rules deny the traffic.
B. The traffic is allowed when ACL is bound to inbound traffic.
C. The implicit rule allows the traffic.
D. The ACL would be valid only if bound 1/1/2 outbound.
Answer
A. The implicit rules deny the traffic.
Explanation
The given ACL, named "ACL_web_server," permits specific traffic to the 10.254.0.0/22 subnet: TCP to ports 443 (HTTPS) and 80 (HTTP), UDP on ports 67, 68 and 53 (DHCP and DNS) from any source to any destination, and ICMP to 10.254.0.0/22.
In the scenario, HTTPS traffic originates from the client 10.253.1.5 and is destined for 10.254.4.7, arriving via interface 1/1/2 (IP 10.254.3.1/24). The source matches, because every entry uses "any" as its source; what fails is the destination. The prefix 10.254.0.0/22 covers only 10.254.0.0 through 10.254.3.255, so 10.254.4.7 lies outside the permitted range and entry 10 (tcp any 10.254.0.0/22 eq 443) does not match. None of the other entries match TCP port 443 either.
When an ACL is applied to an interface, an implicit "deny any any" rule is evaluated at the end of the ACL. This implicit rule denies all traffic that does not match any of the explicit permit statements.
Since no permit entry matches the packet, the HTTPS traffic is denied by the implicit deny rule, regardless of whether the ACL is bound inbound or outbound on the interface.
Therefore, the correct answer is A. The implicit rules deny the traffic.
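To make the lookup concrete, here is a small ACL evaluator added for this page (it is not ArubaOS-CX code and is a simplified model: it matches only protocol, source prefix, destination prefix and an optional "eq" destination port, and applies the implicit deny when nothing matches). The ACL text is the one from the question; the packets checked are the HTTPS flow from the question plus a constructed in-range destination for contrast, so you can see that the source "any" matches and only the /22 destination check fails.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# The ACL entries from the question (sequence, action, protocol, src, dst, optional port).
ACL_TEXT = """
10 permit tcp any 10.254.0.0/22 eq 443
20 permit tcp any 10.254.0.0/22 eq 80
30 permit udp any any eq 67
40 permit udp any any eq 68
50 permit udp any any eq 53
60 permit icmp any 10.254.0.0/22
"""


@dataclass
class Entry:
    seq: int
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]  # None means "any destination port"


def parse_prefix(token: str) -> ipaddress.IPv4Network:
    """'any' becomes 0.0.0.0/0; anything else is parsed as a prefix."""
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token, strict=False)


def parse_acl(text: str):
    """Parse the simplified 'seq action proto src dst [eq port]' lines."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        seq, action, proto, src, dst = int(tok[0]), tok[1], tok[2], tok[3], tok[4]
        dport = int(tok[6]) if len(tok) > 6 and tok[5] == "eq" else None
        entries.append(Entry(seq, action, proto, parse_prefix(src), parse_prefix(dst), dport))
    return entries


def in_prefix(ip: str, prefix: str) -> bool:
    """True when the address falls inside the prefix (e.g. 10.254.4.7 vs 10.254.0.0/22)."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix, strict=False)


def evaluate(entries, proto: str, src_ip: str, dst_ip: str,
             dport: Optional[int] = None) -> Tuple[str, Optional[int]]:
    """Return (action, matching sequence). Sequence None means the implicit deny fired."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for e in entries:  # first match wins, in sequence order
        if e.proto != proto:
            continue
        if src not in e.src or dst not in e.dst:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action, e.seq
    return "deny", None  # implicit "deny any any" at the end of every ACL


ACL = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    # The flow from the question: destination 10.254.4.7 is outside 10.254.0.0/22.
    print("10.254.4.7 in 10.254.0.0/22:", in_prefix("10.254.4.7", "10.254.0.0/22"))
    print("HTTPS 10.253.1.5 -> 10.254.4.7:", evaluate(ACL, "tcp", "10.253.1.5", "10.254.4.7", 443))
    # Constructed contrast: same client, destination inside the /22.
    print("HTTPS 10.253.1.5 -> 10.254.3.7:", evaluate(ACL, "tcp", "10.253.1.5", "10.254.3.7", 443))
```

Running it shows the first flow ending in ("deny", None), i.e. the implicit deny, while the in-range destination is permitted by entry 10. The evaluator is direction-agnostic, which mirrors the explanation: binding the ACL inbound or outbound changes which packets are examined, not whether this packet matches an entry.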
HPE6-A69 certification exam practice question and answer (Q&A) dump with detailed explanation and reference, available free, helpful for passing the HPE6-A69 exam and earning HPE6-A69 certification.