From: Leo Leung (leoleung_yh@yahoo.com)
Date: Fri Apr 21 2006 - 03:37:23 GMT-3
It's true the ACL was missing, but only one time-range
was in the solution guide, and I think there's no need
to create another one. The question asked to have
least amount of ACLs and I thought these 2 should
work:
access-list 105 permit tcp 148.1.5.0 0.0.0.255 host
148.1.3.100 eq www
access-list 105 permit ip 148.1.5.0 0.0.0.255 any
time-range NON_WORK_HOURS
Any time not in the time-range NON_WORK_HOURS is
implicit denied. In addtion vlan 5 subnet should be
used as source network, since users are on the vlan 5
only. Just my opinion.
Leo
--- "Melwani, Manoj J" <melwanim@citigroup.com> wrote:
> IEWB ver3 Vol 1 Lab 9 - 9.2 Traffic Filtering
> solution guide is missing the ACL:
>
> interface Ethernet0/1
> ip access-group DENY_INTERNET_SURFING in
>
> time-range NON_WORK_HOURS
> periodic weekend 0:00 to 23:59
> periodic weekdays 0:00 to 8:59
> periodic weekdays 17:01 to 23:59
>
>
> Here's what I came up with. Can Brian's confirm if
> this is okay if not can you provide a complete
> solution.
>
>
> interface Ethernet0/1
> ip access-group TIME_BASED in
>
>
> ip access-list extended TIME_BASED
> permit tcp any host 148.1.3.100 eq www
> deny tcp any any eq www time-range WORK_HOURS
> permit ip any any
>
>
> time-range WORK_HOURS
> periodic weekdays 9:00 to 16:59
>
>
> thanks,
> Manoj.
>
> Manoj J. Melwani
> Citigroup - Extranet Network Integration
> Phone: (212) 291-3189
> Email: melwanim@citigroup.com
>
>
This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:58 GMT-3