From: Richard Dumoulin (richard.dumoulin@vanco.es)
Date: Tue Jun 08 2004 - 14:45:10 GMT-3
Yes, I think the first option. Even if they do not specify, I would do the
first one.
--Richard
-----Original Message-----
From: Sharma, Mohit [mailto:mohit.sharma@hp.com]
Sent: Tuesday, 08 June 2004 19:38
To: ccielab@groupstudy.com
Subject: ACL
Hello All,
If the question states- Create an access-list at the serial interface of a
router, so that only ftp, web and ospf traffic is allowed in. There are
clients and servers on the user LAN.
Now since this specifically states that there are BOTH clients AND servers
in the LAN, should we do this-
access-list 101 permit tcp any eq www 1.1.1.0 0.0.0.255
access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq www
access-list 101 permit tcp any eq ftp 1.1.1.0 0.0.0.255
access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq ftp
access-list 101 permit tcp any eq ftp-data 1.1.1.0 0.0.0.255
access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq ftp-data
access-list 101 permit ospf any any
This is because since the requirement mentions both clients and servers at
the User interface, the serial interface may get request from outside with a
source port of www or ftp OR it may also get traffic in response to the
clients from the User LAN which has ftp or www in the destination port.
OR Just this will suffice-
access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq www
access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq ftp
access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq ftp-data
access-list 101 permit ospf any any
Could somebody please comment.
Smiles,
Mohit.
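The difference between the two lists in the thread above can be checked by evaluating both against sample inbound packets. The following is an added example, not part of the original posts: a small first-match evaluator for the ACL syntax used here, with function names and test addresses (203.0.113.x, port 40000) that are assumptions made for illustration.

```python
import ipaddress

PORTS = {"ftp-data": 20, "ftp": 21, "www": 80}  # IOS keyword -> TCP port

# Option 1 from the thread: entries keyed on source port AND on destination port.
OPTION_1 = """\
access-list 101 permit tcp any eq www 1.1.1.0 0.0.0.255
access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq www
access-list 101 permit tcp any eq ftp 1.1.1.0 0.0.0.255
access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq ftp
access-list 101 permit tcp any eq ftp-data 1.1.1.0 0.0.0.255
access-list 101 permit tcp any 1.1.1.0 0.0.0.255 eq ftp-data
access-list 101 permit ospf any any
"""
# Option 2 from the thread: the same list without the source-port entries.
OPTION_2 = "\n".join(l for l in OPTION_1.splitlines() if "any eq" not in l)

def _endpoint(tok):  # consume "<any | addr wildcard> [eq port]" from the tokens
    net = None
    if tok[0] == "any":
        tok.pop(0)
    else:  # (address, wildcard mask) as integers
        net = tuple(int(ipaddress.ip_address(tok.pop(0))) for _ in range(2))
    port = None
    if tok and tok[0] == "eq":
        tok.pop(0)
        name = tok.pop(0)
        port = PORTS[name] if name in PORTS else int(name)
    return net, port

def parse(acl):
    rules = []
    for line in acl.strip().splitlines():
        tok = line.split()[2:]  # drop "access-list 101"
        action, proto = tok.pop(0), tok.pop(0)
        rules.append((action, proto, _endpoint(tok), _endpoint(tok)))
    return rules

def _match(ep, ip, port):
    net, want = ep  # wildcard bits set to 1 are "don't care"
    if net and (int(ipaddress.ip_address(ip)) | net[1]) != (net[0] | net[1]):
        return False
    return want is None or want == port

def permits(acl, proto, src, sport, dst, dport):
    for action, rproto, s, d in parse(acl):  # first matching entry wins
        if rproto == proto and _match(s, src, sport) and _match(d, dst, dport):
            return action == "permit"
    return False  # implicit deny at the end of every ACL
```

A reply from an outside web server to a LAN client (source port 80, high destination port) is permitted by the first list and hits the implicit deny in the second; requests to LAN servers and OSPF pass both. The source-port entries are stateless: they match on port number alone, not on whether a LAN client opened the connection.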
This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:35 GMT-3