Is this correct to do inspection on incoming and outside traffic especially
in this case?
I thought we can use "ip inspect <name> in" under fa0/0 or in "out"
direction on serial interface only.
On Thu, Apr 29, 2010 at 3:55 PM, Keith Barker <kbarker_at_ine.com> wrote:
> Hello Vibs-
>
> Great question. As you stated, as long as the traffic is inspected before
> it hits the wire on S0/0/0 it should work.
>
> So regarding the lab, if it was really ONLY those 2 interfaces, I would
> consider how it may be graded.
>
> Do they run traffic through, and measure results?
> Do they use a show ip inspect all, and look at the results?
> Do they look for the inspection rule applied to an interface?
>
> In any case, make sure that the name of the inspection rule exactly matches
> what was asked for, including case.
>
> My opinion, if it was me in the lab today, I would do this:
>
> R5(config)#int fa 0/0
>
> R5(config-if)# I put the inspection rule ingress here and egress on
> S0/0/0-so you would be sure to see it :)
>
> R5(config-if)#ip inspect inspection-name1 in
>
> R5(config-if)#int ser 0/0/0
>
> R5(config-if)#ip inspect inspection-name1 out
>
> R5(config-if)# I put the inspection rule egress here and ingress on
> Fa0/0-so
> you would be sure to see it :)
>
>
>
> That way, if a human actually does look at it, you are demonstrating that
> you were covering your bases, and not fishing.
>
>
> Best wishes,
>
> Keith
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Vibeesh S
> Sent: Thursday, April 29, 2010 6:39 AM
> To: Cisco certification
> Subject: Query CBAC implementation
>
> Hi,
>
> Assuming that I have router with the following interfaces
>
>
>
> F0/0 ---- Router ---- S0/0/0
>
>
> If I am configuring cbac for traffic going out of my lan to the internet
>
> Is this
>
> conf t
> inte f0/0
> ip inspect inspection-name1 in
>
>
> the same desired implementation as
>
> conf t
> inter s0/0/0
> ip inspect inspection-name1 out
>
>
> If so, is configuring either one of them acceptable in the lab.
> Or is there any limitation/practises
>
> Thanks,
> Vibs
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Apr 30 2010 - 10:37:26 ART
This archive was generated by hypermail 2.2.0 : Sat May 01 2010 - 09:49:57 ART