An ACL is already configured on the R1 Fastethernet2/0 (VLAN4) interface to fulfill the requirement for Section 2.1.
You need to merge ACLs for this. See Example 2-23.
ACL 101 configured in Example 2-23 will not allow noninitial fragments through to the server because of the first line. A noninitial fragment to the server is denied when it encounters the first ACL line because Layer 3 information in the packet matches the Layer 3 information in the ACL line.
Initial or nonfragments to port 80 on the server also match the first line of the ACL for Layer 3 information, but because the fragments keyword is present, the next ACL entry (the second line) is processed. The second line of the ...