RE: Time Range ACL question

From: Huan Pham (Huan.Pham@peopletelecom.com.au)
Date: Tue Aug 12 2008 - 23:24:41 ART


Hi Luan,
 
Hmm, ... Understand....

But my point is that, they have a wrong statement, defining the
NON_WORKING_HOURS. It should have been:

time-range NON_WORK_HOURS
         periodic weekends 0:00 to 23:59
         periodic weekdays 0:00 to 8:59
****** periodic weekdays 17:00 to 23:59 *********

And not from 17:01 to 23:59. Their solution results in working hours as
from 9:00 to 17:01.

Who else apart from you and the 5 CCIE work till 17:01? I leave office
sharp even from 16:00, no more strokes after that.
 

:-))

Maybe too much Foster is on my side. Who knows!
 

________________________________

From: Luan Nguyen [mailto:luan.m.nguyen@gmail.com]
Sent: Wednesday, 13 August 2008 12:08 PM
To: Huan Pham
Cc: Marc La Porte; Cisco certification
Subject: Re: Time Range ACL question

That belongs in the NON_WORK_HOURS. Too many Fosters? How can you
doubt a 5 CCIE? :)
Basically, what they said is if the time-range match then allow
everything, else just allow the web-server which is during working
hours.
Since the question didn't ask to block web-server access during non work
hours...then it permits access all the time.
A very smart approach. Should pay attention to the concept they use and
not just the technical stuff.

-Luan

On Tue, Aug 12, 2008 at 8:55 PM, Huan Pham
<Huan.Pham@peopletelecom.com.au> wrote:

        Hi Marc,
        
        Your answer did not meet one of the requirements, which is:
        
        - Use the minimum amount of access-list entries to accomplish this
        
        
        Their solution uses 2 entries which is the minimum. Yours uses 3
        entries. Note that the question is to use the minimum number of ACL
        entries, and not minimum number of commands!
        
        However, their solution is not all correct either! I would give both
        Brians 0 points for this task. The task states
        

        "Work hours are from 9 AM to 5 PM Monday through Friday"
        
        
        Why they use this statement???????
        

         periodic weekdays 17:01 to 23:59
        
        
        Do they mean that everyone should work an extra minute from 17:00:00 -
        17:00:59? Who will pay for the OT? Is Internetwork Experts willing to
        take the bills?
        
        Heheh.
        

        -----Original Message-----
        From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Marc La Porte
        Sent: Wednesday, 13 August 2008 6:46 AM
        To: Cisco certification
        Subject: Time Range ACL question
        
        Hi guys,
        
        Question (IE lab 9, 8.2 for those interested):
        - Configure R5 to block excessive surfing the internet traffic during
          working hours so that they can only go to your internal web server at
          148.26.3.100.
        - After hours these users should be allowed full access
        - Work hours are from 9 AM to 5 PM Monday through Friday
        - Use the minimum amount of access-list entries to accomplish this
        
        Their answer:
        ip access-list extended DENY_INTERNET_SURFING
         permit ip any any time-range NON_WORK_HOURS
         permit tcp any host 148.26.3.100 eq www
        !
        
        time-range NON_WORK_HOURS
         periodic weekends 0:00 to 23:59
         periodic weekdays 0:00 to 8:59
         periodic weekdays 17:01 to 23:59
        !
        interface fa0/1
         ip access-group DENY_INTERNET_SURFING in
        
        
        My answer:
        time-range WWW
         periodic weekdays 09:00 to 16:59
        !
        access-list 182 permit tcp any host 148.26.3.100 eq www time-range WWW
        access-list 182 deny tcp any any eq www time-range WWW
        access-list 182 permit ip any any time-range WWW
        !
        
        int f0/1
         ip access-group 182 in
        
        
        Is my answer ok as well?
        Which answer is better?
        
        Thanks
        Marc
        
        
        
        



This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:30 ART
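
The one-minute difference argued over in this thread, as an added example that is not part of any of the posts: a small Python model of the two-entry DENY_INTERNET_SURFING list that walks one week minute by minute and reports where `17:01` and `17:00` give different verdicts. It assumes periodic entries match at minute granularity with the end minute inclusive (the way the posters read `0:00 to 8:59`); the function names and the 203.0.113.10 destination are constructed for illustration.

```python
from datetime import datetime, timedelta

WEEKDAYS, WEEKENDS = range(0, 5), range(5, 7)   # datetime.weekday(): Monday == 0
WEB_SERVER = ("tcp", "148.26.3.100", 80)        # internal web server from the task
OUTSIDE = ("tcp", "203.0.113.10", 80)           # constructed "internet" destination

def minutes(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)

def time_range(*periodic):
    """Each entry is (days, start, end), mirroring 'periodic <days> <start> to <end>'."""
    return [(set(days), minutes(start), minutes(end)) for days, start, end in periodic]

def active(rng, when):
    # Assumption: the end minute is inclusive, so '0:00 to 8:59' runs up to 09:00:00.
    now = when.hour * 60 + when.minute
    return any(when.weekday() in days and start <= now <= end for days, start, end in rng)

POSTED = time_range((WEEKENDS, "0:00", "23:59"), (WEEKDAYS, "0:00", "8:59"),
                    (WEEKDAYS, "17:01", "23:59"))
CORRECTED = time_range((WEEKENDS, "0:00", "23:59"), (WEEKDAYS, "0:00", "8:59"),
                       (WEEKDAYS, "17:00", "23:59"))

def acl_permits(rng, when, flow):
    """First-match evaluation of the two-entry DENY_INTERNET_SURFING list."""
    if active(rng, when):          # permit ip any any time-range NON_WORK_HOURS
        return True
    if flow == WEB_SERVER:         # permit tcp any host 148.26.3.100 eq www
        return True
    return False                   # implicit deny at the end of the list

def restricted_minutes(rng, monday):
    """Every minute of the week in which traffic to OUTSIDE is denied."""
    week = (monday + timedelta(minutes=i) for i in range(7 * 24 * 60))
    return [t for t in week if not acl_permits(rng, t, OUTSIDE)]

def disagreement(monday):
    """Minutes where the posted and corrected time-ranges give different verdicts."""
    return sorted(set(restricted_minutes(POSTED, monday)) ^
                  set(restricted_minutes(CORRECTED, monday)))

if __name__ == "__main__":
    for t in disagreement(datetime(2008, 8, 11)):   # a Monday
        print(t.strftime("%a %H:%M"), "denied by posted range, permitted by corrected")
```

Under the stated assumption the two definitions differ only at 17:00 on each weekday, and the web server stays reachable in both.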