From: Scott Morris (smorris@internetworkexpert.com)
Date: Wed Aug 13 2008 - 00:05:20 ART
This has been a long-running point of contention. Search the archives for
loads of fun there. :)
The seconds aren't able to be listed, because they're all already included.
So putting 16:59 really goes THROUGH 16:59:59.... If you put 17:00 for 5pm,
that would actually go UP TO 5:01pm (17:00:59 then cut off)
HTH,
Scott Morris, CCIE4 #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al.
CCSI/JNCI-M/JNCI-ER
Senior CCIE Instructor
smorris@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
Knowledge is power.
Power corrupts.
Study hard and be Eeeeviiiil......
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Luan
Nguyen
Sent: Tuesday, August 12, 2008 10:58 PM
To: Huan Pham
Cc: Marc La Porte; Cisco certification
Subject: Re: Time Range ACL question
Well, if you start working from bloody 12PM :) Have you notice that the
time-range thing doesn't have "second" option and just hour and minute mate?
Yours would mean the work hour ends at 4:59.
How's my Australian? :P
On Tue, Aug 12, 2008 at 10:24 PM, Huan Pham
<Huan.Pham@peopletelecom.com.au>wrote:
> Hi Luan,
>
> Hmm, ... Understand....
>
>
> But my point is that, they have a wrong statement, defining the
> NON_WORKING_HOURS. It should have been:
>
> time-range NON_WORK_HOURS
> periodic weekends 0:00 to 23:59
> periodic weekdays 0:00 to 8:59
> ****** periodic weekdays 17:00 to 23:59 *********
>
> And not from 17:01 to 23:59. Their solution results in working hours
> as from 9:00 to 17:01.
>
> Who else apart from you and the 5 CCIE work till 17:01 ? I leave
> office sharp even from 16:00, no more strokes after that.
>
>
> :-))
>
> Maybe too much Foster is on my side. Who knows!
>
>
> ________________________________
>
> From: Luan Nguyen [mailto:luan.m.nguyen@gmail.com]
> Sent: Wednesday, 13 August 2008 12:08 PM
> To: Huan Pham
> Cc: Marc La Porte; Cisco certification
> Subject: Re: Time Range ACL question
>
>
> That belongs in the NON_WORK_HOURS. Too many Fosters? How can you
> doubt a 5 CCIE? :) Basically, what they said is if the time-range
> match then allow everything, else just allow the web-server which is
> during working hours.
> Since the question didn't ask to block web-server access during non
> work hours...then it permits access all the time.
> A very smart approach. Should pay attention to the concept they use
> and not just the technical stuffs.
>
> -Luan
>
>
> On Tue, Aug 12, 2008 at 8:55 PM, Huan Pham
> <Huan.Pham@peopletelecom.com.au> wrote:
>
>
> Hi Marc,
>
> Your answer did not meet one of the requirements, which is:
>
> - Use the minimum amount of access-list entries to accomplish
> this
>
>
> Their solution uses 2 entries which is the minimum. Yours uses 3
> entries. Note that the question is to use the minimum number of
> ACL
> entries, and not minimum number of commands!
>
> However, their solution is not all correct either! I would give
> both
> Brian's 0 points for this task. The task states
>
>
> "Work hours are from 9 AM to 5 PM Monday through Friday"
>
>
> Why they use this statement???????
>
>
> periodic weekdays 17:01 to 23:59
>
>
> Do they mean that everyone should work extra minute from
> 17:00:00 -
> 17:00:59 . Who will pay for the OT? Is Internetwork Experts
> willing to
> take the bills?
>
> Heheh.
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of
> Marc La Porte
> Sent: Wednesday, 13 August 2008 6:46 AM
> To: Cisco certification
> Subject: Time Range ACL question
>
> Hi guys,
>
> Question (IE lab 9, 8.2 for those interesed):
> - Configure R5 to block excessive surfing the internet traffic
> during
> working hours so that they can only go to your internal web
> server at
> 148.26.3.100.
> - After hours these users should be allowed full access
> - Work hours are from 9 AM to 5 PM Monday through Friday
> - Use the minimum amount of access-list entries to accomplish
> this
>
> Their answer:
> ip access-list extended DENY_INTERNET_SURFING
> permit ip any any time-range NON_WORK_HOURS
> permit tcp any host 148.26.3.100 eq www !
>
> time-range NON_WORK_HOURS
> periodic weekends 0:00 to 23:59
> periodic weekdays 0:00 to 8:59
> periodic weekdays 17:01 to 23:59
> !
> interface fa0/1
> ip access-group DENY_INTERNET_SURFING in
>
>
> My answer:
> time-range WWW
> periodic weekdays 09:00 to 16:59
> !
> access-list 182 permit tcp any host 148.26.3.100 eq www
> time-range WWW
> access-list 182 deny tcp any any eq www time-range WWW
> access-list 182 permit ip any any time-range WWW !
>
> int f0/1
> ip access-group 182 in
>
>
> Is my answer ok as well?
> Which answer is better?
>
> Thanks
> Marc
>
>
> Blogs and organic groups at http://www.ccie.net
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:30 ART