You should be fine with just one ACL, I did the same way before I looked
up the solutions. It does teh same job.
A.
On 9/9/2012 8:43 AM, GuardGrid wrote:
Anyone run into these when doing Lab 1.
*Task 6.1 CoPP*
*==================================*
Allow ICMP pings sourced from RFC 1918 only.
As per the final config it should be done as below,
class-map match-all copp
match access-group 101
match not access-group 102
!
!
policy-map copp
class copp
drop
I did it like below with just one acl, any reason we would need to do
it like above?
I also included the networks that were part of the DMVPN from earlier,
shouldn't that be included as well?
!
!
ip access-list extended ICMP_FILTER
deny icmp 44.44.44.0 0.0.0.255 any
deny icmp 11.11.11.0 0.0.0.255 any
deny icmp 10.0.0.0 0.255.255.255 any echo
deny icmp 172.16.0.0 0.15.255.255 any echo
deny icmp 192.168.0.0 0.0.255.255 any echo
permit icmp any any
!
*Task 8.2 Preventing unauthorized connections*
*=========================================*
Need to disable proxyarp but the solution disabled that only on the
outside. The question just says disable why not do for all interfaces?
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
