RE: IPExperts - V9 - Section 9 - task 4

From: Joseph Brunner (joe@affirmedsystems.com)
Date: Sun Nov 04 2007 - 23:49:45 ART


I didn't attend Oxford or Yale for English literature, but it appears
"with a TCP port greater than 1023" references "all inbound traffic" which
would be your destination port.

Does anyone who knows English lit know what this type of sentence is called?

It should be written

"deny all inbound traffic with a tcp port greater than 1023 from hosts
150.50.7.32-150.50.7.63"

Would that have helped?

Tschuss,

-Joe

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
James MacDonald
Sent: Sunday, November 04, 2007 9:23 PM
To: ccielab@groupstudy.com
Subject: IPExperts - V9 - Section 9 - task 4

Hi, I have a question about IPExperts Version 9.0 workbook - Section 9, task
4. Below is the question and the solution they provided ... and my solution.
I know for part of the discrepancy I have used specific hosts in the ACL
where they used ANY ... but I know that that should work either way and
still fulfill the requirements. The issue I have is in interpretation of
the last part. It clearly asked "deny all inbound traffic from hosts
150.50.7.32-150.50.7.63 with a TCP port greater than 1023" ... which I read
as a source port greater than 1023 ... but the solution they provided has
the destination port greater than 1023.

Anyone else have issues here? Or am I not reading this correctly?

Thanks,

===========================
Question:
===========================
On R7, configure an access-list that allows R7 to only form an OSPF
adjacency with R5 on the 150.50.7.0/25 network. The access-list should also
deny PIM either destined for R7 or beyond, from R6. In addition, the
access-list should deny all inbound traffic from hosts
150.50.7.32-150.50.7.63 with a TCP port greater than 1023. All other IP
traffic should be permitted.

===========================
Lab Solution:
===========================
ip access-list extended MyFilter
 permit ospf host 150.50.7.5 any
 deny ospf any any
 deny pim host 10.50.7.6 any
 deny tcp 150.50.7.32 0.0.0.31 any gt 1023
 permit ip any any

===========================
My Solution
===========================
R7#sh ip access-lists
Extended IP access list lab9-4
    permit ospf host 150.50.7.5 host 150.50.7.7
    deny ospf any host 150.50.7.7
    deny pim host 150.50.7.6 any
    deny tcp 150.50.7.32 0.0.0.31 gt 1023 any
    permit ip any any (2 matches)

 
------------------------------
Jim MacDonald
j4m3sm63@yahoo.ca
------------------------------
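
Added example, not part of the original thread or the workbook: a small first-match evaluator run over two constructed packets, showing what each of the two `deny tcp` entries quoted above matches. It assumes a simplified model of extended ACL processing (first match wins, implicit deny at the end, `gt` as the only port operator); the function names and packet values are made up for illustration.

```python
import ipaddress

def addr_match(spec, ip):
    # spec is "any" or (base, wildcard); bits set in the wildcard are "don't care"
    if spec == "any":
        return True
    b, w, i = (int(ipaddress.IPv4Address(x)) for x in (*spec, ip))
    return (b | w) == (i | w)

def port_match(spec, port):
    # spec is None (no port test) or ("gt", n), the only operator used in the thread
    return spec is None or (spec[0] == "gt" and port > spec[1])

def evaluate(acl, pkt):
    # First matching entry wins; an extended ACL ends with an implicit deny.
    for action, proto, src, sport, dst, dport in acl:
        if (proto in ("ip", pkt["proto"]) and addr_match(src, pkt["src"])
                and addr_match(dst, pkt["dst"])
                and port_match(sport, pkt.get("sport"))
                and port_match(dport, pkt.get("dport"))):
            return action
    return "deny"

def host(a):
    return (a, "0.0.0.0")

HOSTS = ("150.50.7.32", "0.0.0.31")          # 150.50.7.32-150.50.7.63
# Entries: (action, protocol, source, source port, destination, destination port)
LAB = [("permit", "ospf", host("150.50.7.5"), None, "any", None),
       ("deny", "ospf", "any", None, "any", None),
       ("deny", "pim", host("10.50.7.6"), None, "any", None),
       ("deny", "tcp", HOSTS, None, "any", ("gt", 1023)),   # port after destination
       ("permit", "ip", "any", None, "any", None)]
MINE = [("permit", "ospf", host("150.50.7.5"), None, host("150.50.7.7"), None),
        ("deny", "ospf", "any", None, host("150.50.7.7"), None),
        ("deny", "pim", host("150.50.7.6"), None, "any", None),
        ("deny", "tcp", HOSTS, ("gt", 1023), "any", None),  # port after source
        ("permit", "ip", "any", None, "any", None)]

# Constructed packets: a host in the range opening a session to TCP 23 from an
# ephemeral port, and the same host sending from TCP 80 to an ephemeral port.
CLIENT = dict(proto="tcp", src="150.50.7.40", sport=40000, dst="150.50.7.7", dport=23)
SERVER = dict(proto="tcp", src="150.50.7.40", sport=80, dst="150.50.7.7", dport=40000)

def compare(pkt):
    return evaluate(LAB, pkt), evaluate(MINE, pkt)

if __name__ == "__main__":
    for name, pkt in (("client", CLIENT), ("server", SERVER)):
        print(name, dict(zip(("lab", "mine"), compare(pkt))))
```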




This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:28 ART