Re: [OSL | CCIE_RS] Task 8-2 LAB 4- Vol2

Wed, 23 Dec 2009 07:09:30 -0800 

If requirement  All IP Addresses should be pingable or telnet"able":-) 
somewhere in LAB , adjust these commands  as may be the HIDDEN  requirements

This will test the LAYER 4 ACL knowledge, combined with security.

I forget  "always" think of  TWO DIRECTIONs :-) 

From: [email protected]
Date: Tue, 22 Dec 2009 01:16:15 -0500
To: [email protected]
CC: [email protected]
Subject: Re: [OSL | CCIE_RS] Task 8-2 LAB 4- Vol2

I agree with Bryan.  Remember Bauke, ICMP echo and ICMP echo-reply are only two 
functions of ICMP.  There are many other message types (for instance ICMP 
redirect, ICMP host-unreachable, etc...) Do what the lab says -- Nothing more, 
nothing less : )



On Mon, Dec 21, 2009 at 10:50 PM, Bryan Bartik <[email protected]> wrote:


Bauke,

Without looking at the task, it may depend. If the task specified PING traffic, 
I would use your ACL (echo and echo-reply). If it said ICMP, then "permit icmp 
any any" would be fine.




On Mon, Dec 21, 2009 at 8:04 PM, Bauke Dzavhale <[email protected]> 
wrote:






When using ACLs to classify ICMP traffic an ACL was created as follows:
access-list 110 permit icmp any any.
 
For telnet the ACL was set up as follows:
access-list 111 permit TCP any any eq 23
access-list 111 permit TCP any  eq 23 any

I understand the telnet ACL but I have a problem with icmp...

 
I would build the ACL for icmp as follows:
access-list 110 permit icmp any any eq echo
access-list 110 permit icmp any any eq echo-reply
 
 
Any comments?

Thanks B




      The new Internet Explorer® 8 - Faster, safer, easier.  Optimized for 
Yahoo! Get it Now for Free!


_______________________________________________


For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com




-- 
Bryan Bartik
CCIE #23707 (R&S, SP), CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com




_______________________________________________

For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com




-- 
Regards,

Joe Astorino CCIE #24347 (R&S)
Sr. Technical Instructor - IPexpert
Mailto: [email protected]


Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, 
Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service 
Provider) Certification Training with locations throughout the United States, 
Europe and Australia. Be sure to check out our online communities at 
www.ipexpert.com/communities and our public website at www.ipexpert.com 




                                          
_________________________________________________________________
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
http://clk.atdmt.com/GBL/go/177141664/direct/01/
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Reply via email to