IPExperts - V9 - Section 9 - task 4

From: James MacDonald (j4m3sm63@yahoo.ca)
Date: Sun Nov 04 2007 - 23:23:28 ART

• Next message: Joseph Brunner: "RE: IPExperts - V9 - Section 9 - task 4"
• Previous message: Joseph Brunner: "RE: MAC access list Vs. port security"
• Next in thread: Joseph Brunner: "RE: IPExperts - V9 - Section 9 - task 4"
• Maybe reply: Joseph Brunner: "RE: IPExperts - V9 - Section 9 - task 4"
• Maybe reply: Scott Morris: "RE: IPExperts - V9 - Section 9 - task 4"
• Maybe reply: Balmik Soin: "RE: IPExperts - V9 - Section 9 - task 4"
• Maybe reply: James MacDonald: "Re: IPExperts - V9 - Section 9 - task 4"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi, I have a question about IPExperts Version 9.0 workbook - Section 9, task 4. Below is the question and the solution they provided ... and my solution. I know for part of the discrepancy i have used specific hosts in the acl where they used ANY ... but I know that that should work either way and still full fill the requirements. The issue I have is in interpretation of the last past. It clearly asked "deny all inbound traffic from hosts 150.50.7.32-150.50.7.63 with a TCP port greater than 1023" ... which I read as a source port greater than 1023 ... but the solution they provided has the destination port greater than 1023.

Anyone else have issues here? Or am i not reading this correctly?

Thanks,

===========================
Question:
===========================
On R7, configure an access-list that allows R7 to only form an OSPF adjacency with R5 on the 150.50.7.0/25 network. The access-list should also deny PIM either destined for R7 or beyond, from R6. In addition, the access-list should deny all inbound traffic from hosts 150.50.7.32-150.50.7.63 with a TCP port greater than 1023. All other IP traffic should be permitted.

===========================
Lab Solution:
===========================
ip access-list extended MyFilter

 permit ospf host 150.50.7.5 any

 deny ospf any any

 deny pim host 10.50.7.6 any

 deny tcp 150.50.7.32 0.0.0.31 any gt 1023

 permit ip any any

===========================
My Solution
===========================
R7#sh ip access-lists
Extended IP access list lab9-4
    permit ospf host 150.50.7.5 host 150.50.7.7
    deny ospf any host 150.50.7.7
    deny pim host 150.50.7.6 any
    deny tcp 150.50.7.32 0.0.0.31 gt 1023 any
    permit ip any any (2 matches)

 
------------------------------
Jim MacDonald
j4m3sm63@yahoo.ca
------------------------------

      Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail. Click on Options in Mail and switch to New Mail today or register for free at http://mail.yahoo.ca

• Next message: Joseph Brunner: "RE: IPExperts - V9 - Section 9 - task 4"
• Previous message: Joseph Brunner: "RE: MAC access list Vs. port security"
• Next in thread: Joseph Brunner: "RE: IPExperts - V9 - Section 9 - task 4"
• Maybe reply: Joseph Brunner: "RE: IPExperts - V9 - Section 9 - task 4"
• Maybe reply: Scott Morris: "RE: IPExperts - V9 - Section 9 - task 4"
• Maybe reply: Balmik Soin: "RE: IPExperts - V9 - Section 9 - task 4"
• Maybe reply: James MacDonald: "Re: IPExperts - V9 - Section 9 - task 4"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:28 ART