From: Ahmed Ejaz (aahmedejaz@gmail.com)
Date: Sun Mar 29 2009 - 05:09:19 ART
Hi guys,
I was going through one of the labs from IE and I am a bit confuse with the
solution. The tasks says:
" Vlan 5 users have been excessively surfing the web during work hours.
Manager has requested to configure Router 5 to block these users and let
them go to your internal webserver at 148.1.3.100". After work hours they
can have full access. Work hours are from 9Am to 5PM Mon to Friday. Use
minimum amount of access-list to accomplish this.
The solution says:
ip access-list extended DENY_INTERNET_SURFING
permit ip any any time-range NON_WORK_HOURS
permit tcp any host 148.1.3.100 eq www
time-range NON_WORK_HOURS
periodic weekend 0:00 to 23:59
periodic weekdays 00:00 to 8:59
periodic weekday 17:01 to 23:59
interface e0/1
ip access-group DENY_INTERNET_SURFING in
My confusion is that with the above solution, wouldn't the router allow only
ip traffic during non work hours and block all ip traffic during work hours
as there is a deny all at the end? which means that they will not be able to
communicate with any device except the webserver during work hours behind
router 5?
Regards,
Ahmed.
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:08 ART