RE: CCIE Brianteasers

From: Albert Lu (albert_ccie@xxxxxxxxx)
Date: Sun Nov 25 2001 - 23:35:22 GMT-3

• Next message: Chua, Parry: "RE: Frame Relay Main Interface using 'frame-relay interface-dlci'"
• Previous message: Katopodis, Ange: "RE: CCIE Brianteasers"
• Maybe in reply to: Albert Lu: "CCIE Brianteasers"
• Next in thread: John Neiberger: "RE: CCIE Brianteasers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
So the requirements of:

| 2. Allow SNMP host 150.50.6.225 to access SNMP information from the
devices.

The answer should be:

| access-list 10 permit 150.50.6.225
| snmp-server community test rw 10

???

Thanks

Albert

-----Original Message-----
From: Katopodis, Ange [mailto:angek@cisco.com]
Sent: Monday, November 26, 2001 1:26 PM
To: Albert Lu
Cc: ccielab@groupstudy.com
Subject: RE: CCIE Brianteasers

snmp server host sets up trap destinations

so if snmp-server host a.b.c.d is configured

the router will send snmp traps (events) like interface down or cold
start to a.b.c.d.

snmp-server community test RW 10 defines snmp access policy to that
router.

It sets up a community called test and defines read/write access based
on what is in the access-list.

So if access-list 10 permit 150.50.6.225 is applied. That host has snmp
read/write access to the router. All other hosts will not be able to
access snmp on the router, they will get icmp unreachable message. You
need this stuff turned on when you are running snmp management s/w like
cisco works, hp openview etc.

regards Ange

-----Original Message-----
From: Albert Lu [mailto:albert_ccie@yahoo.com]
Sent: Monday, 26 November 2001 11:24 AM
To: 'John Neiberger'
Cc: ccielab@groupstudy.com
Subject: RE: CCIE Brianteasers

John,

What's the difference between 'snmp-server host a.b.c.d' and using
'snmp-server community test RW 10' where 10 is an access list?

Thanks

Albert

-----Original Message-----
From: John Neiberger [mailto:neiby@excite.com]
Sent: Monday, November 26, 2001 10:46 AM
To: Albert Lu; ccielab@groupstudy.com
Subject: Re: CCIE Brianteasers

Two items that you weren't sure about are:

snmp-server host a.b.c.d

   and

llc2 idle-time 60000

Regards,
John

On Mon, 26 Nov 2001 08:41:54 +1100, Albert Lu wrote:

| Hello Group,
|
| Just working through a practise lab at the moment, with solutions
that
don't
| look correct. Could someone confirm these solutions? (Don't worry, no
NDA
is
| being broken, as they are from a practise lab scenario)
|
| 1. Generate traps that are supported under the RFC for SNMP
| A. No idea. =) Suggestions please
|
| 2. Allow SNMP host 150.50.6.225 to access SNMP information from the
devices.
| A.
| access-list 10 permit 150.50.6.225
| snmp-server community test rw 10
|
| 3. Restrict web traffic on the interface E1/0 to only the hours of
8:00AM
to
| 6:00PM, Monday thru Friday. Allow all other IP traffic to pass.
| A.
|
| interface Ethernet1/0
| ip address 10.1.1.4 255.255.255.0
| ip access-group 100 in
|
| access-list 100 permit tcp any any eq www time-range allow_time
| access-list 100 deny tcp any any eq www
| access-list 100 permit ip any any
|
| time-range allow_time
| periodic weekdays 8:00 to 18:00
|
| 4. Restrict inbound telnet traffic on interface E0 on from 9:00AM to
1:00PM
| only on Monday, Wednesday, and Friday
| A.
| int Ethernet0
| ip access-group 100 in
|
| access-list 100 permit tcp any any eq telnet time-range
allow_telnet
| access-list 100 deny tcp any any eq telnet
| access-list 100 permit ip any any
|
| time-range allow_telnet
| periodic Monday Wednesday Friday 9:00 to 13:00
|
| 5. Configure DLSW between Token Ring segments on R1 and R8. Use IP
address
| of the loopback interfaces for the DLSW peer-id with ring-group value
of
| 4000
| Configure router R1 to block users from accessing SAP with a
value of
| 012 <-----***** Not sure how to do this!!
| Adjust the following DLSW Netbios timers to 50,000 seconds on R1
and
R8:
| NetBIOS - cache-timeout
| NetBIOS - explorer-timeout
| NetBIOS - retry-interval
| Adjust the value of the LLC2 idle timer on TR segments on R1 and
R8 to
| value of 60,000 <-----***** Not sure how to do this!!
|
| A.
|
| R1
| ----
| source-bridge ring-group 4000
| dlsw local-peer peer-id 200.0.0.1
| dlsw remote-peer 0 tcp 200.0.0.8
| dlsw timers netbios-cache-timeout 50000
| dlsw timers netbios-explorer-timeout 50000
| dlsw timers netbios-retry-interval 50000
| !
| interface Loopback0
| ip address 200.0.0.1 255.255.255.255
| !
|
| interface To0
| no ip address
| ring-speed 16
| source-bridge 10 1 4000
|
|
| R8
| ----
| source-bridge ring-group 4000
| dlsw local-peer peer-id 200.0.0.8
| dlsw remote-peer 0 tcp 200.0.0.1
| dlsw timers netbios-cache-timeout 50000
| dlsw timers netbios-explorer-timeout 50000
| dlsw timers netbios-retry-interval 50000
| !
| interface Loopback0
| ip address 200.0.0.8 255.255.255.255
| !
| interface To0
| no ip address
| ring-speed 16
| source-bridge 10 1 4000
|
| Any feedback is greatly appreciated.
|
| Thanks
|
| Albert
|
|

• Next message: Chua, Parry: "RE: Frame Relay Main Interface using 'frame-relay interface-dlci'"
• Previous message: Katopodis, Ange: "RE: CCIE Brianteasers"
• Maybe in reply to: Albert Lu: "CCIE Brianteasers"
• Next in thread: John Neiberger: "RE: CCIE Brianteasers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 21 2002 - 06:45:22 GMT-3