It only states that BGP, EIGRP, OSPF and RIPv2 are pre-configured on the routers.
In any case, my KISS ACL should do the trick as well?
But I guess you're correct, it is a security lab.

PS: Is it me, or is the IP they are using for Cat3 in 34.4 legacy traffic control 
wrong?

They use 9.9.156.13, but Cat3 does not have an interface in the subnet? Should 
it not be 9.2.13.13?

In addition, why is the statement
190 permit tcp any 10.0.255.0 0.0.0.255 established

used after evaluate REF-ACL? 

I know it has to do with reflective ACLs, but why this network?

On Jul 4, 2011, at 2:21 PM, Jay Taylor wrote:

> Somewhere in that lab I remember it stating a requirement that BGP and NTP 
> must be functional throughout the topology. Why would you want simple acls in 
> a security lab? ;)
> 
> 
> On Mon, Jul 4, 2011 at 7:59 AM, Alef <[email protected]> wrote:
> Hi Guys,
> In this task, why is so much effort put into writing such an ACL?
> 
> Is it not easier to just do
> 
> deny IN-FILTER WEB-MAINT
> deny IN-FILTER WEB-MAINT
> permit ip any any
> 
> ? It does not state anywhere that it is not allowed to pass any other 
> traffic. But in this example great effort is made to permit NTP and BGP 
> peerings; it seems a hassle to me?
> 
> The other thing is, why is
> 
> ip access-list extended WEB_SERVER
> deny tcp host 9.9.156.2 host 10.10.45.4 <-- done ?
> 
> In my video it says that this is because we do not want the ACS server to be 
> checked by TCP intercept, and this is the translated address, but that's not 
> true? In the previous task we translated the ACS server to 9.2.1.100, as per 
> the book task. 9.9.156.2 is the interface address of R2, namely gi0/1.1256.
> 
> rgds,
> Alef
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please 
> visit www.ipexpert.com
> 
> Are you a CCNP or CCIE and looking for a job? Check out 
> www.PlatinumPlacement.com
> 
> 
> 
> -- 
> 
> Jay Taylor
> CCIE #28391
> @JTIE_6EE7
> 
> 
