RE: Time Range ACL question

From: Huan Pham (Huan.Pham@peopletelecom.com.au)
Date: Tue Aug 12 2008 - 21:55:29 ART

• Next message: Hobbs: "Is there a way to filter show ip bgp by community?"
• Previous message: John Wayne: "Re: CCIE SP Mini-Scenarios"
• Maybe in reply to: Marc La Porte: "Time Range ACL question"
• Next in thread: Luan Nguyen: "Re: Time Range ACL question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Marc,

Your answer did not meet one of the requirements, which is:
- Use the minimum amount of access-list entries to accomplish this

Their solution uses 2 entries which is the minimum. Yours uses 3
entries. Note that the question is to use the minimum number of ACL
entries, and not minimum number of commands!

However, their solution is not all correct either! I would give both
Brian's 0 points for this task. The task states

"Work hours are from 9 AM to 5 PM Monday through Friday"

Why they use this statement???????

 periodic weekdays 17:01 to 23:59

Do they mean that everyone should work extra minute from 17:00:00 -
17:00:59 . Who will pay for the OT? Is Internetwork Experts willing to
take the bills?

Heheh.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Marc La Porte
Sent: Wednesday, 13 August 2008 6:46 AM
To: Cisco certification
Subject: Time Range ACL question

Hi guys,

Question (IE lab 9, 8.2 for those interesed):
- Configure R5 to block excessive surfing the internet traffic during
working hours so that they can only go to your internal web server at
148.26.3.100.
- After hours these users should be allowed full access
- Work hours are from 9 AM to 5 PM Monday through Friday
- Use the minimum amount of access-list entries to accomplish this

Their answer:
ip access-list extended DENY_INTERNET_SURFING
 permit ip any any time-range NON_WORK_HOURS
 permit tcp any host 148.26.3.100 eq www !

time-range NON_WORK_HOURS
 periodic weekends 0:00 to 23:59
 periodic weekdays 0:00 to 8:59
 periodic weekdays 17:01 to 23:59
!
interface fa0/1
  ip access-group DENY_INTERNET_SURFING in

My answer:
time-range WWW
 periodic weekdays 09:00 to 16:59
!
access-list 182 permit tcp any host 148.26.3.100 eq www time-range WWW
access-list 182 deny tcp any any eq www time-range WWW
access-list 182 permit ip any any time-range WWW !

int f0/1
 ip access-group 182 in

Is my answer ok as well?
Which answer is better?

Thanks
Marc

Blogs and organic groups at http://www.ccie.net

• Next message: Hobbs: "Is there a way to filter show ip bgp by community?"
• Previous message: John Wayne: "Re: CCIE SP Mini-Scenarios"
• Maybe in reply to: Marc La Porte: "Time Range ACL question"
• Next in thread: Luan Nguyen: "Re: Time Range ACL question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:30 ART