From: Shadi (ccie@xxxxxxxxxxxxxxxx)
Date: Thu Mar 21 2002 - 20:23:22 GMT-3
but they are not coming from the outside, they are inside the LAN, the
solution access-list is preventing anybody to connect, look at it.
access-list 103 deny ip 172.26.1.0 0.0.255.255 any
access-list 103 permit ip any any
int fast0/0
ip add 172.26.1.14 255.255.255
ip access-group 103 in
----- Original Message -----
From: "Bauer, Rick" <BAUERR@toysrus.com>
To: "'Shadi'" <ccie@investorsgrp.com>
Sent: Thursday, March 21, 2002 2:52 PM
Subject: RE: CCIE BOOTCMAP Lab 18
> It should be in the source, think about what spoofing is. An internal
> network coming from an external source, therefore, you want to block your
> internals from coming from the outside. HTH...
>
> -----Original Message-----
> From: Shadi [mailto:ccie@investorsgrp.com]
> Sent: Wednesday, March 20, 2002 5:26 PM
> To: ccielab
> Subject: Fw: CCIE BOOTCMAP Lab 18
>
>
> Any one has any clue for the below stuff?
>
>
> > Hi all,
> >
> > Q1:
> >
> > In lab 18 is says, make Router R1 compare meds between R3 and R5?
> >
> > the solution states to use bgp always-compare-med
> >
> > But the R3 and R5 are in the same AS so R3 will always compare MEDs,
> unless R3
> > and R5 are from differenet ASs? correct me if am wrong.
> >
> > Q2:
> >
> > in the same lab, in the security part it states that you should ensure
> that
> > R14 ethernet interface is proctected from spoofing.
> >
> >
> > the solution was:
> >
> > access-list 103 deny ip 172.26.1.0 0.0.255.255 any
> > access-list 103 permit ip any any
> >
> > int fast0/0
> > ip add 172.26.1.14 255.255.255
> > ip access-group 103 in
> >
> >
> > Is that right?, I think it should be
> >
> > access-list 103 deny ip host 172.26.1.14
> > access-list 103 permit ip any any
> >
> >
> > int fast0/0
> > ip add 172.26.1.14 255.255.255
> > ip access-group 103 in
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:17 GMT-3