From: Jennifer Bellucci (jennifer_bellucci@hotmail.com)
Date: Sat Apr 12 2003 - 23:56:19 GMT-3
Yes, it has to be named...thanks a lot. Think about it, I am getting ready
for my lab and I can't even remember named? It just makes me feel great
(tears sweeping down cheeks) but I'm OK, I am stronger than this, if I don't
pass I am going to buy a 12 GSR and graft it on to my body, half human half
Cisco...shame I can't upload the IOS into my head at the same time.
Ta Luv
----- Original Message -----
From: "Jennifer Bellucci" <jennifer_bellucci@hotmail.com>
To: <ccielab@groupstudy.com>
Sent: Saturday, April 12, 2003 5:55 PM
Subject: ACL Time Range with No Extra
> Hi People
>
> I was doing some practice on ACL when I came along a question about filters
> and using "as few lines as possible" phrase. Having seen this in the list
> before, it got me doing something I can't do too often...thinking.
>
> Question is something like...Enable a filter, that filters FTP + WEB traffic
> from 08:00 to 11:59 weekdays and UDP on weekends from 01:00 to 13:00. Use as
> few lines as possible, when creating your filter. (Denying the traffic
> mentioned) You should be able to the filter without having to remove first,
> in the future.
>
> Now say we have network :
>
> R1------R2------R3
>
> R1 is running OSPF and R3 is running EIGRP. R2 is performing red for both
> and the filter is to be applied to both protocol interfaces of R2. I know
> the filter is 2 lines, I know that, but if I was to apply the filter it would
> block the IP updates and such. With no "permit ip any any", I am pretty much
> lost. So, if I add this, how can I add to the filter later on when everything
> is permitted by the statement before? What about the routing updates? The
> same ACL has to be activated on 2 interfaces and for 2 different protocols. I
> then come to the conclusion that by adding to the filter a specific permit
> for OSPF and EIGRP, everything is OK. Fine, four lines in the filter. 2 for
> the traffic, 2 for the protocols (still with me?). With no permit IP any any,
> not all IP traffic will pass, will it? What about peering for other protocols
> not mentioned? (Say you assumed you had DLSW also running somewhere and it
> has to use this link to peer) I don't think so. So I guess you have to add
> the line. If we made the IP line more specific, then we would have to add
> more than one line, because we don't know what major networks are connected
> to the EIGRP or OSPF networks.
>
> After a few minutes, you're asked to test your filter, add to filter so that
> it stops BGP TCP traffic. With a permit IP any any in the ACL, what do I do?
> Can't remove it, how do I structure it so that I can deny the BGP traffic,
> but the ACL in the first part must be complete. Normally, if this was a
> normal lab I could mix the lines and off I go. Then comes the thing that
> really gets to me, use as few lines as possible. With the question specifying
> 2 confirmed lines and a third in part 2 of the question, how many lines do I
> need and then. Will my filter allow normal required operation at the same
> time?
>
> Maybe I am looking too deep into the question, or I created a question that
> is simply not possible? I don't know.
> This is where you come in...help me find a solution. Pretty please with a
> cherry on top.
>
> Thanks
>
> Jennifer Bellucci
>
> Jennifer_bellucci@hotmail.com
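
The rule-ordering problem discussed in this thread, as an added example that is not part of the original posts: a small Python model (not IOS syntax) of first-match evaluation with time-gated entries and the implicit deny at the end. The port set used for FTP + web, the range names and the sample dates are assumptions of the model.

```python
from datetime import datetime

# Constructed model of a first-match ACL with time-gated entries (not IOS syntax).
WEEKDAYS, WEEKEND = {0, 1, 2, 3, 4}, {5, 6}      # datetime.weekday() values
RANGES = {                                        # windows taken from the question
    "weekday-am": (WEEKDAYS, (8, 0), (11, 59)),
    "weekend":    (WEEKEND,  (1, 0), (13, 0)),
}

def active(name, when):
    """An entry with no time range is always active; otherwise check day and clock."""
    if name is None:
        return True
    days, start, end = RANGES[name]
    return when.weekday() in days and start <= (when.hour, when.minute) <= end

def evaluate(acl, proto, port, when):
    """Return the action of the first active matching entry; implicit deny at the end."""
    for action, e_proto, e_ports, e_range in acl:
        if e_proto not in ("ip", proto):
            continue
        if e_ports is not None and port not in e_ports:
            continue
        if active(e_range, when):
            return action
    return "deny"

FTP_WEB = {21, 80}                                # assumption: how FTP + web is matched
two_lines = [("deny", "tcp", FTP_WEB, "weekday-am"),
             ("deny", "udp", None, "weekend")]
with_permit = two_lines + [("permit", "ip", None, None)]
# Part 2 of the question: a BGP deny appended after the catch-all never matches...
bgp_appended = with_permit + [("deny", "tcp", {179}, None)]
# ...but placed ahead of the catch-all it does.
bgp_inserted = two_lines + [("deny", "tcp", {179}, None), ("permit", "ip", None, None)]

MON_0900 = datetime(2003, 4, 14, 9, 0)            # constructed sample: a Monday
MON_1300 = datetime(2003, 4, 14, 13, 0)
SAT_0200 = datetime(2003, 4, 12, 2, 0)            # constructed sample: a Saturday

if __name__ == "__main__":
    print("OSPF, two lines only :", evaluate(two_lines, "ospf", None, MON_0900))
    print("OSPF, with catch-all :", evaluate(with_permit, "ospf", None, MON_0900))
    print("BGP appended at end  :", evaluate(bgp_appended, "tcp", 179, MON_0900))
    print("BGP before catch-all :", evaluate(bgp_inserted, "tcp", 179, MON_0900))
```
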