RE: ACL Question - Can you fix it?

From: Darby Weaver (darbyweaver@yahoo.com)
Date: Sat Dec 08 2007 - 14:39:43 ART

• Next message: Henry Ugwuadu: "Re: EBGP-MULTIHOP"
• Previous message: Chris Riling: "Re: EBGP-MULTIHOP"
• Maybe in reply to: Darby Weaver: "ACL Question - Can you fix it?"
• Next in thread: Darren Johnson: "RE: ACL Question - Can you fix it?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Good job Darren,

However,

In a lab scenario, one must learn to be very very
explicit and not read into the question any more than
the words of text allow for.

I do not think and PC's on the even side of things
were mentioned except for PC's 16-30 even.

So...

A little over-kill.

And this my friend is what can kill you in a graded
lab scenario. Some of the vendors would let this
slide unless they were explicitly trying to trick you
into allowing other traffic, then you would lose the
point.

So no need to allow those other addresses this time.

:)

--- Darren Johnson <dazza_johnson@yahoo.co.uk> wrote:

> Hey Darby, what better way to start the morning than
> with an ACL question
> ;-)
>
> I got it down to 3 :-(
>
> Permit 192.168.15.16 0.0.0.0
> Deny 192.168.15.16 0.0.0.14
> Perit any
>
> The 192.168.15.16 prevents me from using this
> 2-liner:
>
> Deny 192.168.15.16 0.0.0.14
> Perit any
>
> Do you know the answer?
>
> Dazzler
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of
> Darby Weaver
> Sent: 08 December 2007 00:53
> To: ccielab@groupstudy.com; cisco@groupstudy.com
> Subject: ACL Question - Can you fix it?
>
> Access Lists.
>
> Assume that the 192.168.15.16/28 network has a
> collection of Linux and Windows PCs on it. The
> addressing scheme is such that the Linux PCs have
> the
> addresses
>
> 192.168.15.17
> 192.168.15.19
> 192.168.15.21
>
> and so on through to 192.168.15.29 (odds) while the
> Windows PCs have the addresses
>
> 192.168.15.18
> 192.168.15.20
> 192.168.15.22
>
> and so on through to 192.168.15.30 (even).
>
> All the PCs connect to the core network via a router
> on the same subnet.
>
> One day all the Windows PCs get infected by a virus
> and start sourcing large amounts of network traffic.
> Your task is to create an access list to be used on
> the router for the subnet which drops all network
> traffic from the Windows PCs while allowing traffic
> from the Linux PCs.
>
> Can you create an ACL with just two access list
> entries that will match traffic sourced from all the
> Windows PCs and drop them while allowing all other
> traffic?
>
>

• Next message: Henry Ugwuadu: "Re: EBGP-MULTIHOP"
• Previous message: Chris Riling: "Re: EBGP-MULTIHOP"
• Maybe in reply to: Darby Weaver: "ACL Question - Can you fix it?"
• Next in thread: Darren Johnson: "RE: ACL Question - Can you fix it?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:29 ARST