You can't get tested on something which is a bug that only appears in
certain versions of code.  Granted 12.2(44)SE is specified in the
blueprint, but that is a bit rich.

Especially when one considers that the grading script would be looking
for a "show" command here, because it is unlikely they will have some
traffic generator spitting out Appletalk frames.  Not that Apple
computers have even used Appletalk (by default) since quite some time
ago.  Kind of like IPX - remember that one?

Cheers,
Matt

CCIE #22386
CCSI #31207

On 11 September 2012 09:26, Eugene Pefti <[email protected]> wrote:
> Hello guys,
>
> I wonder if this was tested?
>
>
>
> Eugene
>
>
>
> From: Brian Clarke [mailto:[email protected]]
> Sent: Monday, September 03, 2012 10:55 PM
> To: Eugene Pefti; "Peter Jørgensen\"; [email protected]
>
>
> Subject: Re: [OSL | CCIE_Security] Prevent AppleTalk attack on switchport: -
> appletalk keyword
>
>
>
> I'll give it a try.  We're mostly an Apple shop.  Not sure we have any
> AppleTalk left though.
>
>
>
> Respectfully,
> Brian Clarke
>
>
>
>
>
> From: Eugene Pefti <[email protected]>
> Date: Tuesday, September 4, 2012 1:35 AM
> To: "\"Peter Jørgensen\"" <[email protected]>,
> "[email protected]" <[email protected]>
> Subject: Re: [OSL | CCIE_Security] Prevent AppleTalk attack on switchport: -
> appletalk keyword
>
>
>
> Theoretically you are right, Peter.
>
> But IMHO it is just another oversight from Cisco. I wonder if it’s possible
> to test and confirm if we connect two Macs to the switch configured with the
> first variant of your MAC ACL.
>
> I can actually do it but later this week.
>
>
>
> Eugene
>
>
>
> From: [email protected]
> [mailto:[email protected]] On Behalf Of "Peter
> Jorgensen"
> Sent: Monday, September 03, 2012 1:49 AM
> To: [email protected]
> Subject: [OSL | CCIE_Security] Prevent AppleTalk attack on switchport: -
> appletalk keyword
>
>
>
> Prevent AppleTalk attack on switchport fa0/10.
>
> My first solution:
>
>
> !
> mac access-list extended MAC_ACL
>  deny host 1234.1234.1234 any eq appletalk
>  permit any any
> !
> interface fa0/10
>  mac access-group MAC_ACL in
>
>
> But I found this in the documentation:
>
> ------------------------------------------------------------------------------------------------------------------------------------------------
> NOTE:
>
> Cisco doc 3560SCG 12.2(44)SE (Creating Named MAC Extended ACLs page 32-26).
>
> – Though visible in the command-line help strings, AppleTalk is not
> supported as a matching condition for
>   the deny and permit MAC access-list configuration mode commands.
> ------------------------------------------------------------------------------------------------------------------------------------------------
>
> Solution: Use ethertype 0x809B for Appletalk (Ethertalk).
>
> So my solution should instead look like this:
>
> mac access-list extended MAC_ACL
>  deny host 1234.1234.1234 any eq 0x809B
>  permit any any
> !
> interface fa0/10
>  mac access-group MAC_ACL in
>
>
>
> Can anyone confirm that this assumption is correct?
>
>
>
>
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
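
For checking a capture taken on the port when testing the ACL discussed above, here is an added example (not part of the original messages, and not a model of how the switch evaluates the ACL) that classifies raw Ethernet frames by the 0x809B EtherType and the host MAC from the thread. It goes beyond the thread by also recognising LLC/SNAP encapsulation, a single 802.1Q tag, and AARP (0x80F3); the sample frames and the second host MAC are constructed.

```python
import struct

ETHERTYPE_APPLETALK = 0x809B   # value quoted in the thread
ETHERTYPE_AARP = 0x80F3        # AppleTalk ARP; not mentioned in the thread
ETHERTYPE_DOT1Q = 0x8100
SNAP_HEADER = b"\xaa\xaa\x03"  # LLC DSAP/SSAP/control announcing a SNAP header

def protocol_id(frame):
    """Return (encapsulation, protocol id) for a raw Ethernet frame, None if truncated."""
    if len(frame) < 14:
        return None
    offset = 12
    (value,) = struct.unpack_from("!H", frame, offset)
    if value == ETHERTYPE_DOT1Q:               # step over a single 802.1Q tag
        if len(frame) < 18:
            return None
        offset += 4
        (value,) = struct.unpack_from("!H", frame, offset)
    if value >= 0x0600:                        # Ethernet II: the field is an EtherType
        return ("ethernet2", value)
    llc = frame[offset + 2:offset + 10]        # 802.3: the field is a length, LLC follows
    if len(llc) == 8 and llc[:3] == SNAP_HEADER:
        return ("snap", struct.unpack_from("!H", llc, 6)[0])
    return ("llc", None)

def is_appletalk(frame, src_mac=None):
    """True for AppleTalk or AARP frames, optionally only those sent by src_mac."""
    parsed = protocol_id(frame)
    if parsed is None or parsed[1] not in (ETHERTYPE_APPLETALK, ETHERTYPE_AARP):
        return False
    return src_mac is None or frame[6:12] == src_mac

# Constructed sample frames (not captured traffic); payloads are zero padding.
HOST = bytes.fromhex("123412341234")           # host MAC used in the thread's ACL
OTHER = bytes.fromhex("020000000001")          # hypothetical second host
DST = b"\xff" * 6
PAD = b"\x00" * 46
SAMPLES = {
    "ethernet2 appletalk": DST + HOST + b"\x80\x9b" + PAD,
    "snap appletalk": DST + HOST + b"\x00\x2e" + SNAP_HEADER + bytes.fromhex("080007809b") + PAD[:38],
    "snap aarp": DST + HOST + b"\x00\x2e" + SNAP_HEADER + bytes.fromhex("00000080f3") + PAD[:38],
    "tagged appletalk": DST + HOST + bytes.fromhex("8100000a809b") + PAD,
    "ipv4": DST + HOST + b"\x08\x00" + PAD,
    "appletalk other host": DST + OTHER + b"\x80\x9b" + PAD,
}

def matches_for_host():
    """Names of sample frames that are AppleTalk/AARP sent by HOST."""
    return [name for name, frame in SAMPLES.items() if is_appletalk(frame, HOST)]

if __name__ == "__main__":
    print(matches_for_host())
```
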