Comments inline...... With regards Kings
On Thu, Feb 24, 2011 at 12:09 AM, Pemasiri Devanarayana <[email protected]>wrote: > Hi All, > > I would appreciate the correct solutions (as expected in the lab grading) > for below points on various sections of the labs. > > 1) if a question asked to authenticate and authorized on particular telnet > connection ie line 1 & 3 and not to authtenticate on line say 5, will the > following solution is correct (assumed we have already configured aaa) > I guess configuring "transport input telnet" would be required for line 1 and 3. But lIne 1 is aux 0.actually. > > line vty 1 (or 3) > login authentication xxxx (aaa method) > authorization exec xxxx > authorization command xx xxxx > ! > line vty 5 > login authentication yyyy (aaa method, none) > > 2) when configuring IP NBAR do we need to add the following command in > addition service-police under the interface. > interface x/x > ip nbar protocol-discovery > service-policy input <pm-name> > > ip nbar protocol-discovery is not required > 3) when configuring customs signature...and asked that signature should > protect tunneling over http (such as P2P or instant messaging), do we need > to configure any additional configuration apart from configuring service > http type engine matching any patern (using regex) and service-port 80.. > because still I'm confused how does protect tunneling over http for > P2P/instant messaging etc. > You should use HTTP AIC engine for this. Create AIC HTTP sig and select sig type "Define Web Traffic Policy. Then enable "Alarm in non=HTTP Traffic". > > Thanks in advance... > > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
