From: Fosket, William (William.Fosket@compass.net)
Date: Wed Dec 13 2006 - 10:58:17 ART
When you are making holes in your ACLs, they should only be to permit what is
required. I'd suggest that permitting telnet to every interface satisfies the
requirement with the most functionality and the least impact on the traffic
restrictions expected of the original ACLs. Nobody can say that you
permitted too much and nobody can complain that they didn't get all of the
connectivity that was expected.
If you are willing to permit more than what is required, why not just remove
the ACLs?
Good Luck,
Bill Fosket, CCIE 16041
-----Original Message-----
From: nobody@groupstudy.com on behalf of Kal Han
Sent: Tue 12/12/2006 11:50 PM
To: Groupstudy; Cisco certification
Subject: how complicated are acls ?
Hi
When configuring ACLs in the lab (time constraint factor),
and if the question says allow telnet access to a router that has
inbound access-lists configured on the interfaces -
given that the router has 2 physical interfaces and 2 loopbacks,
is it expected to write up all the possible ACLs?
*example*
permit tcp any router_int1_IP eq telnet
permit tcp any router_int2_IP eq telnet
permit tcp any router_loop1_IP eq telnet
permit tcp any router_loop2_IP eq telnet
or
just a "permit any any eq telnet" will be OK to use.
Please let me know.
It could be irritating to ask the proctor about this granular
stuff sometimes...
(I understand it's more 'secure' to use the first one... but
in terms of what the lab exam is testing... is it required?)
Thanks
Kal
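
Added example, not part of either message: a small Python model of first-match ACL evaluation that compares the two options from the question against constructed traffic, showing what the single any/any entry opens beyond the router's own addresses. The addresses stand in for router_int1_IP through router_loop2_IP and are assumptions, and only the added telnet entries are modelled, not the rest of the existing inbound ACL.

```python
import ipaddress

TELNET = 23

# Constructed addresses (documentation ranges) standing in for the post's
# router_int1_IP, router_int2_IP, router_loop1_IP, router_loop2_IP.
ROUTER_IPS = ["192.0.2.1", "198.51.100.1", "203.0.113.1", "203.0.113.2"]

def entry(dst, port):
    """One 'permit tcp any <dst> eq <port>' line; dst is 'any' or a host IP."""
    net = ipaddress.ip_network("0.0.0.0/0" if dst == "any" else dst + "/32")
    return (net, port)

# Option 1 from the post: one entry per router address.
PER_ADDRESS_ACL = [entry(ip, TELNET) for ip in ROUTER_IPS]
# Option 2 from the post: a single any/any entry.
ANY_ANY_ACL = [entry("any", TELNET)]

def permits(acl, dst_ip, dst_port):
    """First-match evaluation of a TCP packet; falls through to implicit deny."""
    dst = ipaddress.ip_address(dst_ip)
    for net, port in acl:
        if dst in net and dst_port == port:
            return True
    return False  # implicit deny at the end of every ACL

def compare(packets):
    """Return {label: (per_address_result, any_any_result)} for each packet."""
    return {label: (permits(PER_ADDRESS_ACL, ip, port),
                    permits(ANY_ANY_ACL, ip, port))
            for label, ip, port in packets}

# Constructed traffic arriving on an interface with the inbound ACL applied.
PACKETS = [
    ("telnet to router interface", "192.0.2.1", 23),
    ("telnet to router loopback", "203.0.113.2", 23),
    ("telnet through router to inside host", "10.1.1.50", 23),
    ("ssh to router interface", "192.0.2.1", 22),
]

if __name__ == "__main__":
    for label, (narrow, broad) in compare(PACKETS).items():
        print(f"{label:40} per-address={narrow!s:5} any-any={broad}")
```

The two options differ only on the transit packet: the any/any entry also permits telnet through the router to hosts behind it, which the per-address entries leave to the rest of the ACL.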