Re: IPExperts - V9 - Section 9 - task 4 posted 11/04/2007
- Subject: Re: IPExperts - V9 - Section 9 - task 4
- From: James MacDonald <j4m3sm63@xxxxxxxx>
- Date: Sun, 4 Nov 2007 19:08:46 -0800 (PST)
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.ca; h=X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Message-ID; b=Ydc2i9UDK4HUAx2URDPcVMCFWnkHSuJHIlTQ7oSfbwzv1b8BZTaYxyJuiAgJAhCwZTEIwOM54aX42VB5taigx0q9BOFY9qSprFTj37XrB1LNvjUe5scBUp40QO2GcSqEKOOwrThGPoE6aUZfvE1yfXKQyQeK9reCJunz4gFkhJg=;
There almost needs to be labs simply on how to interpret questions. As I do more labs I guess I should get more proficient in this portion of the test.
... thanks for the response ... i'll keep plugging away.
----- Original Message ----
From: Scott Morris <swm@xxxxxxxxxx>
To: James MacDonald <j4m3sm63@xxxxxxxx>; ccielab@xxxxxxxxxxxxxx
Sent: Sunday, November 4, 2007 9:50:48 PM
Subject: RE: IPExperts - V9 - Section 9 - task 4
I see where you're coming from on this, although (IMHO) the original
was for destination stuff there, but it makes sense to me how you
What I would recommend in the real lab is asking the clarifying
the proctor. If nothing else, they should know what kind of answer
gave you (which would lead to you making a decision) and make note of
for the grading portion in case the person who wrote the script thought
I'll make note of that and try to make the wording more specific
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
#153, JNCIS-ER, CISSP, et al.
VP - Technical Training - IPexpert, Inc.
IPexpert Sr. Technical Instructor
A Cisco Learning Partner - We Accept Learning Credits!
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Sent: Sunday, November 04, 2007 9:23 PM
Subject: IPExperts - V9 - Section 9 - task 4
Hi, I have a question about IPExperts Version 9.0 workbook - Section 9,
4. Below is the question and the solution they provided ... and my
I know for part of the discrepancy i have used specific hosts in the
where they used ANY ... but I know that that should work either way and
still full fill the requirements. The issue I have is in interpretation
the last past. It clearly asked "deny all inbound traffic from hosts
184.108.40.206-220.127.116.11 with a TCP port greater than 1023" ... which I
as a source port greater than 1023 ... but the solution they provided
the destination port greater than 1023.
Anyone else have issues here? Or am i not reading this correctly?
On R7, configure an access-list that allows R7 to only form an OSPF
adjacency with R5 on the 18.104.22.168/25 network. The access-list should
deny PIM either destined for R7 or beyond, from R6. In addition, the
access-list should deny all inbound traffic from hosts
22.214.171.124-126.96.36.199 with a TCP port greater than 1023. All other IP
traffic should be permitted.
ip access-list extended MyFilter
permit ospf host 188.8.131.52 any
deny ospf any any
deny pim host 10.50.7.6 any
deny tcp 184.108.40.206 0.0.0.31 any gt 1023
permit ip any any
R7#sh ip access-lists
Extended IP access list lab9-4
permit ospf host 220.127.116.11 host 18.104.22.168
deny ospf any host 22.214.171.124
deny pim host 126.96.36.199 any
deny tcp 188.8.131.52 0.0.0.31 gt 1023 any
permit ip any any (2 matches)
Be smarter than spam. See how smart SpamGuard is at giving junk
the boot with the All-new Yahoo! Mail. Click on Options in Mail and
to New Mail today or register for free at http://mail.yahoo.ca
Subscription information may be found at:
Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail. Click on Options in Mail and switch to New Mail today or register for free at http://mail.yahoo.ca