From: Shamin (ccie.xpert@gmail.com)
Date: Sat Apr 22 2006 - 04:34:01 GMT-3
Hi,
I see that now. I understand it. Silly one, I know.
Thanks
On 4/22/06, Sidalo <sidalo@gmail.com> wrote:
>
> The 9.4 ACL builds upon an existing ACL that was created in 9.2 to block
> SNMP.
> That is why it is named SNMP and has the SNMP block in it.
>
> On 4/21/06, Shamin <ccie.xpert@gmail.com> wrote:
>
> > Hi,
>
> First of all, thank you one and all for your inputs.
>
> My question is based on IEWB Ver3.0, LAB2 TASK 9.4.
> Would appreciate answers, especially from Brians.
>
>
> The lab requirements state as follows:
>
> -Configure your network so that ICMP traffic is only allowed into your
> network via VLAN 52 if the traffic was initiated from behind R5.
> -For diagnostic and troubleshooting purposes ensure that users throughout
> your network are still able to traceroute from behind R5.
>
> Topology:
>
> 192.10.1.0 (VLAN52)
> < ---------- R5
> (E0/1) ----------------------------------- (E0/0)BB2
>
>
> Configuration on R5:
>
> Rack1R5#
>
> interface Ethernet 0/1
>  ip access-group DENY_SNMP in
>  ip access-group EVALUATE_ICMP out
> !
> ip access-list extended DENY_SNMP
>  deny udp any any eq snmp
>  permit icmp any any time-exceeded
>  permit icmp any any port-unreachable
>  evaluate ICMP
>  deny icmp any any
>  permit ip any any
> !
> ip access-list extended EVALUATE_ICMP
>  permit icmp any any reflect ICMP
>  permit ip any any
>
>
> In the above configuration, I understood everything except the "deny udp any
> any eq snmp" statement at the beginning of the DENY_SNMP extended list. Couldn't
> figure out the reason for that statement, that too at the beginning of the
> list.
>
> In the same list DENY_SNMP, there's a "permit ip any any" statement. Is this
> statement used to allow the protocol-related updates, or is it referring to
> something other than my understanding?
>
> regards
> shamin
>
This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:58 GMT-3
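
The first-match behaviour of the two lists quoted in the thread, as an added Python model that is not part of the original messages or of the IEWB solution. Addresses, packet fields and function names are constructed for illustration; reflexive-entry timeouts and ICMP type matching inside reflected entries are not modelled.

```python
# Added example (not from the thread): simplified first-match model of the
# DENY_SNMP (in) and EVALUATE_ICMP (out) lists quoted above.
# Addresses, packet fields and function names are constructed; reflexive-entry
# timeouts and ICMP type matching inside reflected entries are not modelled.

def outbound(pkt, reflected):
    """EVALUATE_ICMP: 'permit icmp any any reflect ICMP', then 'permit ip any any'."""
    if pkt["proto"] == "icmp":
        # The reflexive entry is the mirror of the flow (source/destination swapped).
        reflected.add((pkt["dst"], pkt["src"]))
        return "permit icmp any any reflect ICMP"
    return "permit ip any any"

def inbound(pkt, reflected):
    """DENY_SNMP: entries are tested top-down and the first match decides."""
    proto, icmp_type = pkt["proto"], pkt.get("type")
    if proto == "udp" and pkt.get("dport") == 161:
        return "deny udp any any eq snmp"
    if proto == "icmp" and icmp_type == "time-exceeded":
        return "permit icmp any any time-exceeded"
    if proto == "icmp" and icmp_type == "port-unreachable":
        return "permit icmp any any port-unreachable"
    if proto == "icmp" and (pkt["src"], pkt["dst"]) in reflected:
        return "evaluate ICMP"
    if proto == "icmp":
        return "deny icmp any any"
    return "permit ip any any"

def run_demo():
    inside, outside = "10.0.0.5", "192.10.1.254"  # constructed addresses
    reflected, seen = set(), {}
    def pkt(proto, src, dst, **kw):
        return dict(proto=proto, src=src, dst=dst, **kw)
    # Echo arriving from VLAN 52 before anything was sent from behind R5.
    seen["unsolicited echo"] = inbound(pkt("icmp", outside, inside, type="echo"), reflected)
    # Ping initiated from behind R5 creates the reflexive entry; the reply matches it.
    outbound(pkt("icmp", inside, outside, type="echo"), reflected)
    seen["echo reply"] = inbound(pkt("icmp", outside, inside, type="echo-reply"), reflected)
    # IOS traceroute probes leave as UDP, so nothing is reflected for them; the
    # ICMP errors they trigger get in only through the two explicit permits.
    outbound(pkt("udp", inside, outside, dport=33434), reflected)
    seen["traceroute hop"] = inbound(pkt("icmp", "192.10.1.1", inside, type="time-exceeded"), reflected)
    seen["traceroute end"] = inbound(pkt("icmp", outside, inside, type="port-unreachable"), reflected)
    seen["snmp"] = inbound(pkt("udp", outside, inside, dport=161), reflected)
    seen["other ip"] = inbound(pkt("tcp", outside, inside, dport=179), reflected)
    return seen

if __name__ == "__main__":
    for name, rule in run_demo().items():
        print(f"{name:17} -> {rule}")
```

Each result names the entry that decided the packet, so the position of the SNMP deny and the role of the trailing `permit ip any any` can be read directly from the output.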