RE: IEWB Lab 18

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Fri Oct 21 2005 - 14:05:16 GMT-3


No, your solution would not be correct. The task states to
"configure SW2 so that traffic is only allowed in from the access point
if it is sourced from the executive's PC." It does not say to take
into account the MAC address of the access point itself. Try not to
assume what the question is asking you to do, or overcomplicate the
issue at hand. If you are unclear exactly what the objective is, ask the
proctor for clarification.

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: De Witt, Duane [mailto:duane.dewitt@siemens.com]
> Sent: Friday, October 21, 2005 11:05 AM
> To: Brian McGahan; kevin gannon
> Cc: Bola Adegbonmire; Cisco certification
> Subject: RE: IEWB Lab 18
>
> Good point, although I am yet to meet a Cisco sales person that doesn't
> pitch their management systems :)
>
> Would either way be counted as correct in the lab or do you feel that
> one answer is more correct in this case?
>
> -----Original Message-----
> From: Brian McGahan [mailto:bmcgahan@internetworkexpert.com]
> Sent: 21 October 2005 04:25 PM
> To: De Witt, Duane; kevin gannon
> Cc: Bola Adegbonmire; Cisco certification
> Subject: RE: IEWB Lab 18
>
> What if the access point is just bridging and is not running IP at all?
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of De Witt, Duane
> > Sent: Friday, October 21, 2005 8:13 AM
> > To: kevin gannon
> > Cc: Bola Adegbonmire; Cisco certification
> > Subject: RE: IEWB Lab 18
> >
> > Yeah, agreed. Invariably CDP/STP/SNMP/WLSE traffic would cause the AP to
> > be the first MAC learned by the switch, so a static sticky or maximum 2
> > addresses would be the best answer?
> >
> > Would the guys from IE care to comment?
> >
> > -----Original Message-----
> > From: kgannon@gmail.com [mailto:kgannon@gmail.com] On Behalf Of kevin gannon
> > Sent: 21 October 2005 12:58 PM
> > To: De Witt, Duane
> > Cc: Bola Adegbonmire; Cisco certification
> > Subject: Re: IEWB Lab 18
> >
> > Don't have an AP to test but I would bet this is caused by
> > CDP/STP traffic. Two would be a better option and hardcode
> > a sticky for the AP.
> >
> > Regards
> > Kevin
> >
> > On 10/21/05, De Witt, Duane <duane.dewitt@siemens.com> wrote:
> > > Hi Bola
> > >
> > >
> > >
> > > Thanks for the response. Take a look below, I happen to have a client
> > > network that I can take info from:
> > >
> > > This is the show arp on the AP, it shows the MAC of the AP:
> > >
> > > Internet 172.16.254.131 - 000f.903e.3ae7 ARPA BVI1
> > >
> > > This is the show mac-address-table of the switch that the AP connects
> > > to:
> > >
> > > RCI-GND-SW-2#show mac-address-table interface fastEthernet 0/47
> > > Mac Address Table
> > > -------------------------------------------
> > >
> > > Vlan    Mac Address       Type        Ports
> > > ----    -----------       --------    -----
> > >    1    000f.903e.3ae7    DYNAMIC     Fa0/47
> > > Total Mac Addresses for this criterion: 1
> > >
> > > So, it shows that the MAC of the AP is learned by the switch and would
> > > count as a secure address. Not sure if this proves anything though.
> > >
> > >
> > >
> > > ________________________________
> > >
> > > From: Bola Adegbonmire [mailto:bolaccie@yahoo.com]
> > > Sent: 21 October 2005 11:42 AM
> > > To: De Witt, Duane; Cisco certification
> > > Subject: Re: IEWB Lab 18
> > >
> > >
> > >
> > > Hi Duane,
> > >
> > >
> > >
> > > I believe the solution is right based on the following. The AP is a
> > > switch, except that it is a wireless switch (in quote). As a result it
> > > does not forward its own mac-address when forwarding datagrams through
> > > it to the network. Only a router replaces the originating mac-address
> > > with its own when forwarding packets received on one interface out
> > > another to the network.
> > >
> > >
> > >
> > > So IEWB solution is right.
> > >
> > >
> > >
> > > Or am I missing something group?
> > >
> > >
> > >
> > > Bola
> > >
> > > "De Witt, Duane" <duane.dewitt@siemens.com> wrote:
> > >
> > > Hi Group
> > >
> > >
> > >
> > > Lab 18 requires only one person to be able to use an AP by using
> > > port-security. The recommended solution is 'violation protect' and
> > > 'mac-address sticky'.
> > >
> > > If the default maximum mac-addresses is 1 then the only mac-address that
> > > will be allowed is the mac of the AP itself. Shouldn't the maximum be
> > > changed to 2 to allow the mac of the AP as well as the mac of the one
> > > person?
> > >
> > >
> > >
> > > Regards
> > >
> > > Duane
> > >
> > >
> > >
> > > ____________________________________________
> > > SIEMENS Siemens Business Services
> > > Siemens Service Center
> > >
> > > 126 14th Road
> > >
> > > Erand Gardens
> > >
> > > Midrand
> > >
> > > South Africa
> > >
> > >
> > >
> > > * +27 11 5452555
> > > * +27 83 4452768
> > > * +27 11 5415219
> > > * duane.dewitt@siemens.com
> > >
> > >
> > >
> >
>
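
Added example (not part of the original thread or of the IEWB solution): a simplified Python model of sticky port-security with 'violation protect', showing how the outcome debated above depends on whether the AP itself sources frames toward the switch. The PC and second-client MAC addresses and the frame order are constructed assumptions; only the AP MAC comes from the show output quoted in the thread.

```python
# Simplified model of switchport port-security with sticky learning and
# "violation protect". Illustration only; not Cisco IOS code.
AP = "000f.903e.3ae7"     # AP MAC taken from the show output in the thread
PC = "0000.0000.00aa"     # constructed placeholder: the executive's PC
OTHER = "0000.0000.00bb"  # constructed placeholder: a second wireless client


class SecurePort:
    def __init__(self, maximum=1, static=()):
        self.maximum = maximum
        self.secure = list(static)  # statically configured secure MACs
        self.dropped = 0

    def receive(self, src_mac):
        """Return True if a frame with this source MAC is forwarded."""
        if src_mac in self.secure:
            return True
        if len(self.secure) < self.maximum:
            self.secure.append(src_mac)  # sticky: learned and retained
            return True
        self.dropped += 1  # protect: frame dropped, port stays up
        return False


def scenario(maximum, ap_sources_frames, static=()):
    """Replay a constructed frame sequence; return (secure MACs, drops)."""
    # If the AP originates traffic (e.g. CDP/STP), its frame arrives first.
    frames = ([AP] if ap_sources_frames else []) + [PC, OTHER, PC]
    port = SecurePort(maximum, static)
    for mac in frames:
        port.receive(mac)
    return port.secure, port.dropped


if __name__ == "__main__":
    cases = [
        ("max 1, AP only bridges", 1, False, ()),
        ("max 1, AP sources frames", 1, True, ()),
        ("max 2, AP sources frames", 2, True, ()),
        ("max 2, AP only bridges", 2, False, ()),
        ("max 2, AP static, AP only bridges", 2, False, (AP,)),
    ]
    for label, maximum, ap_talks, static in cases:
        secure, dropped = scenario(maximum, ap_talks, static)
        print(f"{label:36} secure={secure} dropped={dropped}")
```

In this model, maximum 2 with no static entry leaves the second slot open to another client when the AP only bridges; pinning the AP MAC statically closes that gap.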



This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:52 GMT-3