From: ZeroFlash (Fire_Ice@verizon.net)
Date: Fri Jul 21 2006 - 08:37:28 ART
The rules are that any additional configuration that does NOT violate the
requirement or any other requirement is still fair game. With that being
said my personal choice in the real world is to put it for both.
Please see below...
Zeroflash
CCIE #16217
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Nuno
Ceitil
Sent: Thursday, July 20, 2006 5:48 PM
To: security@groupstudy.com
Cc: ccielab@groupstudy.com
Subject: Fine Print
Hi All,
FOR THE LAB AND ONLY THE LAB - General Feeling
ACL that needs to match DNS
only udp 53
or
udp and tcp 53 - it wouldn't hurt so long as there is something that doesn't
state block tcp 53
ACL to match PING
only icmp
or
icmp and udp/echo/echo-reply
ICMP contains more than just ping, I would clarify with the proctor and if
it's only ping the they only get ICMP echos and echo-replys.
ACL to match OSPF
only ospf host ip host ip
or
ospf host ip host ip + ospf host ip 224.0.0.x
ospf 224.0.0.x host IP
ospf host ip 224.0.0.x
Limit TCP intercept or CBAC sessions but only one set of high/low values
given - question implies setting global values
if it implies only global commands ONLY USE GLOBAL commands.
only set global values
or
set global values and one minute values
Thoughts and comments please.
Thanks
This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:48 ART