Anyone run into these when doing Lab 1. *Task 6.1 CoPP* *==================================* Allow ICMP pings sourced from RFC 1918 only.
As per the final config it should be done as below, class-map match-all copp match access-group 101 match not access-group 102 ! ! policy-map copp class copp drop I did it like below with just one acl, any reason we would need to do it like above? I also included the networks that were part of the DMVPN from earlier, shouldn't that be included as well? ! ! ip access-list extended ICMP_FILTER deny icmp 44.44.44.0 0.0.0.255 any deny icmp 11.11.11.0 0.0.0.255 any deny icmp 10.0.0.0 0.255.255.255 any echo deny icmp 172.16.0.0 0.15.255.255 any echo deny icmp 192.168.0.0 0.0.255.255 any echo permit icmp any any ! *Task 8.2 Preventing unauthorized connections* *=========================================* Need to disable proxyarp but the solution disabled that only on the outside. The question just says disable why not do for all interfaces?
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
