Thanks a lot King for you time on responding this and clarifying them... I will check them and get back to you if any further doubts.. :)
On Thu, Feb 24, 2011 at 4:53 AM, Kingsley Charles < [email protected]> wrote: > Comments inline...... > > With regards > Kings > > On Thu, Feb 24, 2011 at 12:09 AM, Pemasiri Devanarayana < > [email protected]> wrote: > >> Hi All, >> >> I would appreciate the correct solutions (as expected in the lab grading) >> for below points on various sections of the labs. >> >> 1) if a question asked to authenticate and authorized on particular telnet >> connection ie line 1 & 3 and not to authtenticate on line say 5, will the >> following solution is correct (assumed we have already configured aaa) >> > > I guess configuring "transport input telnet" would be required for > line 1 and 3. But lIne 1 is aux 0.actually. > >> >> line vty 1 (or 3) >> login authentication xxxx (aaa method) >> authorization exec xxxx >> authorization command xx xxxx >> ! >> line vty 5 >> login authentication yyyy (aaa method, none) >> >> 2) when configuring IP NBAR do we need to add the following command in >> addition service-police under the interface. >> interface x/x >> ip nbar protocol-discovery >> service-policy input <pm-name> >> >> ip nbar protocol-discovery is not required > > > > >> 3) when configuring customs signature...and asked that signature should >> protect tunneling over http (such as P2P or instant messaging), do we need >> to configure any additional configuration apart from configuring service >> http type engine matching any patern (using regex) and service-port 80.. >> because still I'm confused how does protect tunneling over http for >> P2P/instant messaging etc. >> > > You should use HTTP AIC engine for this. Create AIC HTTP sig and select sig > type "Define Web Traffic Policy. Then enable "Alarm in non=HTTP Traffic". > > >> >> Thanks in advance... >> >> >> >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
