Refer to the exhibit. The network administrator has an IP address of 192.168.11.10 and needs access to manage R1. What is the best ACL type and placement to use in this situation?

Access Control Lists (ACLs) can be used to restrict access to a router’s VTY (Virtual Teletype) lines for management purposes. In the scenario where a network administrator with an IP address of 192.168.11.10 needs to manage R1, the ACL should be applied to R1 to control access to its VTY lines. This is typically done with a standard ACL because only the source IP address needs to be evaluated.

The best type of ACL for this situation would be:

• Standard ACL inbound on R1 vty lines

This ACL will filter traffic coming into the VTY lines of R1, allowing only the administrator’s IP address to access the router for management while denying all others. The use of a standard ACL is sufficient since the requirement is to filter based on source IP addresses only.

Here’s why the other options are less suitable:

1. Standard ACL inbound on R2 WAN interface connecting to the internet: This would be inefficient and potentially insecure, as it would apply the filter too broadly, affecting all traffic passing through the WAN interface, not just management traffic to R1.
2. Extended ACL outbound on R2 S0/0/1: While extended ACLs are more precise because they can filter based on both source and destination IP addresses as well as ports, applying this ACL on R2’s interface would be incorrect because it would not effectively restrict access to R1’s management interface.
3. Extended ACLs inbound on R1 G0/0 and G0/1: Using extended ACLs on R1’s interfaces would be overly complex for the requirement and might inadvertently block legitimate traffic. The goal is to restrict access to the VTY lines, not to filter general traffic coming into the router’s interfaces.

So, a standard ACL applied to the VTY lines of R1 is the best choice to ensure that only the administrator can access R1 for management purposes.