From: Marc La Porte (marc.a.laporte@gmail.com)
Date: Wed Aug 13 2008 - 02:35:58 ART
Thanks guys for your replies... I see where I went wrong.
Oh well... learned another thing... better to learn now than at the lab
right...
To quote Brian Dennis: "the only thing you want to learn at the CCIE lab is
what your new number is"
Ain't that the truth!
On Wed, Aug 13, 2008 at 5:36 AM, Huan Pham
<Huan.Pham@peopletelecom.com.au>wrote:
> Marc,
>
> One more thing: Your solution blocks all access outside business hours.
> This again does not meet requirements.
>
> time-range WWW
> periodic weekdays 09:00 to 16:59
> !
> access-list 182 permit tcp any host 148.26.3.100 eq www time-range WWW
> access-list 182 deny tcp any any eq www time-range WWW
> access-list 182 permit ip any any time-range WWW
> !
>
> The third (last) ACL 182 statment should not have had a time-range.
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Huan Pham
> Sent: Wednesday, 13 August 2008 10:55 AM
> To: Marc La Porte; Cisco certification
> Subject: RE: Time Range ACL question
>
> Hi Marc,
>
> Your answer did not meet one of the requirements, which is:
> - Use the minimum amount of access-list entries to accomplish this
>
> Their solution uses 2 entries which is the minimum. Yours uses 3
> entries. Note that the question is to use the minimum number of ACL
> entries, and not minimum number of commands!
>
> However, their solution is not all correct either! I would give both
> Brian's 0 points for this task. The task states
>
> "Work hours are from 9 AM to 5 PM Monday through Friday"
>
> Why they use this statement???????
>
> periodic weekdays 17:01 to 23:59
>
> Do they mean that everyone should work extra minute from 17:00:00 -
> 17:00:59 . Who will pay for the OT? Is Internetwork Experts willing to
> take the bills?
>
> Heheh.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Marc La Porte
> Sent: Wednesday, 13 August 2008 6:46 AM
> To: Cisco certification
> Subject: Time Range ACL question
>
> Hi guys,
>
> Question (IE lab 9, 8.2 for those interesed):
> - Configure R5 to block excessive surfing the internet traffic during
> working hours so that they can only go to your internal web server at
> 148.26.3.100.
> - After hours these users should be allowed full access
> - Work hours are from 9 AM to 5 PM Monday through Friday
> - Use the minimum amount of access-list entries to accomplish this
>
> Their answer:
> ip access-list extended DENY_INTERNET_SURFING permit ip any any
> time-range NON_WORK_HOURS permit tcp any host 148.26.3.100 eq www !
>
> time-range NON_WORK_HOURS
> periodic weekends 0:00 to 23:59
> periodic weekdays 0:00 to 8:59
> periodic weekdays 17:01 to 23:59
> !
> interface fa0/1
> ip access-group DENY_INTERNET_SURFING in
>
>
> My answer:
> time-range WWW
> periodic weekdays 09:00 to 16:59
> !
> access-list 182 permit tcp any host 148.26.3.100 eq www time-range WWW
> access-list 182 deny tcp any any eq www time-range WWW access-list 182
> permit ip any any time-range WWW !
>
> int f0/1
> ip access-group 182 in
>
>
> Is my answer ok as well?
> Which answer is better?
>
> Thanks
> Marc
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:30 ART