From: Shanky (shankyz@gmail.com)
Date: Tue Jul 05 2005 - 08:47:58 GMT-3
Hi,
The requirement as stated by you is
"sw2 should not respond to packet sent to udp "DIscard" and "chargen" from
the above host"...
note the requirement says ...sent *to udp "Discard" and "Chargen"*
so you need to deny based on the source (.100) and the destination port.
The correct response should be ..
access-list 100 deny udp host 191.1.77.100 <http://191.1.77.100> any eq
Discard
access-list 100 deny udp host 191.1.77.100 <http://191.1.77.100> any eq
Chargen
access-list 100 permit ip any any (This will allow everything including the
UDP Echoes) so I am assuming there is nothing else in the task mentioned by
you to filter or Block.
HTH
Shanky
On 7/5/05, Rajib Khan <rajib56666@yahoo.com> wrote:
> Hi
>
> In the security section of the above ie lab, there is a question about sw2
should accept udp echos from 191.1.77.100 <http://191.1.77.100>. however sw2
should not respond to packet sent to udp "DIscard" and "chargen" from the
above host. Following config was given
>
> service udp-small-servers
> int f0/0
> ip access-group 100 in
>
>
> acc 100 deny udp any any eq discard
> acc 100 den udp any any eq 19
> acc 100 per ip any any
>
> I think above is wrong should it not be like below
>
> acce 100 den udp host 191.1.77.100 <http://191.1.77.100> eq discard any
> eq 19
> permit ip any any
>
> COuld any one please help
>
> Thanks
>
> Raj
>
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3