Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) — Question 207

An administrator attempts to download the .pack NBAR2 file using TFTP from the CPE router to another device over the Gi0/0 interface. The CPE is configured as below: hostname CPE
!
ip access-list extended WAN
<`¦>
remark => All UDP rules below for WAN ID: S421T18E58F90
permit udp any eq domain any
permit udp any any eq tftp
deny udp any any
!
interface GigabitEthernet0/0
<`¦>
ip access-group WAN in
<`¦>
!
tftp-server flash:pp-adv-csr1000v-1612.1a-37-53.0.0.pack
The transfer fails. Which action resolves this issue?

Answer options

• A. Make the permit udp any eq tftp any entry the last entry in the WAN ACL
• B. Shorten the file name to the 8+3 naming convention
• C. Change the WAN ACL to permit the entire UDP destination port range
• D. Change the WAN ACL to permit the UDP port 69 to allow TFTP

Correct answer: C

Explanation

The correct answer is C because allowing the entire UDP destination port range ensures that TFTP traffic is not blocked by the access list. Options A and D would only partially solve the issue by allowing specific traffic, while option B is irrelevant since the file name format doesn't affect TFTP functionality.