Re: Access-List Confusion

From: Salah ElShekeil (salah.elshekeil@gmail.com)
Date: Sun Mar 29 2009 - 05:41:23 ART


The question is clear: only to the web server in the work hours!

So you will give full permission in the non-work hours; everything else is
denied. :)

HTH

Salah

On Sun, Mar 29, 2009 at 11:09 AM, Ahmed Ejaz <aahmedejaz@gmail.com> wrote:

> Hi guys,
>
> I was going through one of the labs from IE and I am a bit confused with the
> solution. The task says:
>
> "Vlan 5 users have been excessively surfing the web during work hours.
> Manager has requested to configure Router 5 to block these users and let
> them go to your internal webserver at 148.1.3.100". After work hours they
> can have full access. Work hours are from 9AM to 5PM Mon to Friday. Use
> minimum amount of access-list to accomplish this.
>
> The solution says:
>
> ip access-list extended DENY_INTERNET_SURFING
> permit ip any any time-range NON_WORK_HOURS
> permit tcp any host 148.1.3.100 eq www
>
> time-range NON_WORK_HOURS
> periodic weekend 0:00 to 23:59
> periodic weekdays 00:00 to 8:59
> periodic weekday 17:01 to 23:59
>
> interface e0/1
> ip access-group DENY_INTERNET_SURFING in
>
> My confusion is that with the above solution, wouldn't the router allow
> only ip traffic during non work hours and block all ip traffic during work
> hours as there is a deny all at the end? which means that they will not be
> able to communicate with any device except the webserver during work hours
> behind router 5?
>
> Regards,
>
> Ahmed.
>
>
> Blogs and organic groups at http://www.ccie.net

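The first-match behaviour discussed in this thread, as an added example that is not part of the original posts: a small Python model of the quoted ACL and time-range, evaluated against sample packets. The sample packets, the stand-in Internet address 198.51.100.10 and the treatment of each end minute as inclusive are assumptions of this example.

```python
from datetime import datetime

WEEKDAYS, WEEKEND = {0, 1, 2, 3, 4}, {5, 6}   # datetime.weekday(): Monday == 0

# time-range NON_WORK_HOURS from the quoted solution: (days, first minute, last minute).
# Assumption: the end minute is inclusive, so "to 8:59" covers the whole minute 08:59.
NON_WORK_HOURS = [
    (WEEKEND,  0,           23 * 60 + 59),
    (WEEKDAYS, 0,            8 * 60 + 59),
    (WEEKDAYS, 17 * 60 + 1, 23 * 60 + 59),
]

def in_time_range(periods, when):
    """True when 'when' falls inside any periodic entry of the time-range."""
    minute = when.hour * 60 + when.minute
    return any(when.weekday() in days and start <= minute <= end
               for days, start, end in periods)

# ACL DENY_INTERNET_SURFING: (action, protocol, dst host or None=any, dst port, time-range)
ACL = [
    ("permit", "ip",  None,          None, NON_WORK_HOURS),
    ("permit", "tcp", "148.1.3.100", 80,   None),
]

def evaluate(acl, proto, dst, dport, when):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, ace_proto, ace_dst, ace_port, time_range in acl:
        if time_range is not None and not in_time_range(time_range, when):
            continue                      # entry is inactive outside its time-range
        if ace_proto != "ip" and ace_proto != proto:
            continue                      # "ip" matches every IP protocol
        if ace_dst is not None and ace_dst != dst:
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return action
    return "deny"                         # implicit "deny ip any any" at the end

if __name__ == "__main__":
    # Constructed sample packets; 2009-03-30 is a Monday, 2009-03-29 a Sunday.
    samples = [
        ("tcp",  "148.1.3.100",   80,   datetime(2009, 3, 30, 10, 0)),
        ("tcp",  "198.51.100.10", 80,   datetime(2009, 3, 30, 10, 0)),
        ("icmp", "148.1.3.100",   None, datetime(2009, 3, 30, 10, 0)),
        ("tcp",  "198.51.100.10", 80,   datetime(2009, 3, 30, 17, 0)),
        ("tcp",  "198.51.100.10", 80,   datetime(2009, 3, 29, 12, 0)),
    ]
    for proto, dst, dport, when in samples:
        print(f"{when:%a %H:%M} {proto:>4} -> {dst}:{dport} "
              f"{evaluate(ACL, proto, dst, dport, when)}")
```

Under the inclusive end-minute assumption, the model still denies general traffic during the minute 17:00 on weekdays, because the third periodic entry only starts at 17:01.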

This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:08 ART