From: CCIE FUN (ccieexam2002@yahoo.com)
Date: Mon Feb 17 2003 - 12:29:20 GMT-3
also add Ip access-group 10 in under the interface
vlan
standard access-list's don't use the "protocol"
argument.
here is how the access-list should be
> interface vlan46
> ip access-group 10 in
>
> access-list 10 deny 10.0.0.0 0.255.255.255
> access-list 10 deny 192.168.0.0 0.0.255.255
> access-list 10 deny 172.16.0.0 0.0.224.255
> access-list 10 permit any
--- Tom Larus <tlarus@cox.net> wrote:
> interface vlan46
> access-group 10 in
>
> access-list 10 deny ip 10.0.0.0 0.255.255.255
> access-list 10 deny ip 192.168.0.0 0.0.255.255
> access-list 10 deny ip 172.16.0.0 0.0.224.255
> access-list 10 permit ip any
>
> I don't have a 3550 right now to test the exact
> syntax on, but it looks
> about right.
>
> Tom Larus, CCIE 10,014
>
> ----- Original Message -----
> From: "pita40" <pita40@hotmail.com>
> To: <ccielab@groupstudy.com>
> Sent: Sunday, February 16, 2003 12:48 PM
> Subject: private network traffic and 3550
>
>
> > I have a question from one of the commercial labs
> with no answer provided.
> The
> > question is
> >
> > configure cat1 to deny traffic from private
> networks defined by RFC 1918
> on
> > Vlan 46.
> >
> > I am out of ideas on how to solve this question. I
> thought of switchport
> > protected command, but it seems that is not the
> answer
> >
> >
> > Help.
> >
> > P
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:25 GMT-3