GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: IPExperts - V9 - Section 9 - task 4 posted 11/04/2007
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


There almost needs to be labs simply on how to interpret questions. As I do more labs I guess I should get more proficient in this portion of the test. 
 
 ... thanks for the response ... i'll keep plugging away.


------------------------------
Jim MacDonald
j4m3sm63@xxxxxxxx
------------------------------

----- Original Message ----
From: Scott Morris <swm@xxxxxxxxxx>
To: James MacDonald <j4m3sm63@xxxxxxxx>; ccielab@xxxxxxxxxxxxxx
Sent: Sunday, November 4, 2007 9:50:48 PM
Subject: RE: IPExperts - V9 - Section 9 - task 4

I see where you're coming from on this, although (IMHO) the original
 intent
was for destination stuff there, but it makes sense to me how you
interpreted it.

What I would recommend in the real lab is asking the clarifying
 question of
the proctor.  If nothing else, they should know what kind of answer
 they
gave you (which would lead to you making a decision) and make note of
 that
for the grading portion in case the person who wrote the script thought
differently.

I'll make note of that and try to make the wording more specific
 though.

Cheers,

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
 JNCIE-M
#153, JNCIS-ER, CISSP, et al.
CCSI/JNCI-M/JNCI-ER
VP - Technical Training - IPexpert, Inc.
IPexpert Sr. Technical Instructor
 
A Cisco Learning Partner - We Accept Learning Credits!
 
smorris@xxxxxxxxxxxx
 
Telephone: +1.810.326.1444 
Fax: +1.810.454.0130
http://www.ipexpert.com
 

-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
James MacDonald
Sent: Sunday, November 04, 2007 9:23 PM
To: ccielab@xxxxxxxxxxxxxx
Subject: IPExperts - V9 - Section 9 - task 4

Hi, I have a question about IPExperts Version 9.0 workbook - Section 9,
 task
4. Below is the question and the solution they provided ... and my
 solution.
I know for part of the discrepancy i have used specific hosts in the
 acl
where they used ANY ... but I know that that should work either way and
still full fill the requirements. The issue I have is in interpretation
 of
the last past. It clearly asked "deny all inbound traffic from hosts
150.50.7.32-150.50.7.63 with a TCP port greater than 1023" ... which I
 read
as a source port greater than 1023 ... but the solution they provided
 has
the destination port greater than 1023.

Anyone else have issues here? Or am i not reading this correctly?

Thanks,

===========================
Question:
===========================
On R7, configure an access-list that allows R7 to only form an OSPF
adjacency with R5 on the 150.50.7.0/25 network. The access-list should
 also
deny PIM either destined for R7 or beyond, from R6. In addition, the
access-list should deny all inbound traffic from hosts
150.50.7.32-150.50.7.63 with a TCP port greater than 1023. All other IP
traffic should be permitted.

===========================
Lab Solution:
===========================
ip access-list extended MyFilter

 permit ospf host 150.50.7.5 any

 deny   ospf any any

 deny   pim host 10.50.7.6 any

 deny   tcp 150.50.7.32 0.0.0.31 any gt 1023

 permit ip any any

===========================
My Solution
===========================
R7#sh ip access-lists
Extended IP access list lab9-4
    permit ospf host 150.50.7.5 host 150.50.7.7
    deny ospf any host 150.50.7.7
    deny pim host 150.50.7.6 any
    deny tcp 150.50.7.32 0.0.0.31 gt 1023 any
    permit ip any any (2 matches)

 
------------------------------
Jim MacDonald
j4m3sm63@xxxxxxxx
------------------------------




      Be smarter than spam. See how smart SpamGuard is at giving junk
 email
the boot with the All-new Yahoo! Mail.  Click on Options in Mail and
 switch
to New Mail today or register for free at http://mail.yahoo.ca 

_______________________________________________________________________
Subscription information may be found at: 
http://www.groupstudy.com/list/CCIELab.html







      Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail.  Click on Options in Mail and switch to New Mail today or register for free at http://mail.yahoo.ca