Re: Access-List Confusion

From: Divin Mathew John (divinjohn@gmail.com)
Date: Sun Mar 29 2009 - 06:03:12 ART

• Next message: nowy1981: "MQC FRTS+ LLQ+CBWFQ"
• Previous message: Jonny English: "Re: OT:Dumps are already out for open-ended questions!!"
• Maybe in reply to: Ahmed Ejaz: "Access-List Confusion"
• Next in thread: Jared Scrivener: "RE: Access-List Confusion"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Maybe Router 5 e0 is their link to the Internet.! then i guess it
would do the required.! but generally speaking acceslists are
according to the topogloy.! the above accesslist allows Ip traffic to
any where during non work hours and allow connections to webserver
during work hours.! so i guess.i shud do.! could you please provide
the topology?
Thanking You

Yours Sincerely

Divin Mathew John
divinjohn@gmail.com
divin@dide3d.com
+91 9945430983
+91 9846697191
+974 5008916
PGP PUBLIC KEY BLOCK @ http://www.dide3d.com/divin_Public_PGP_key.txt

On Sun, Mar 29, 2009 at 1:39 PM, Ahmed Ejaz <aahmedejaz@gmail.com> wrote:
> Hi guys,
>
> I was going through one of the labs from IE and I am a bit confuse with the
> solution. The tasks says:
>
> " Vlan 5 users have been excessively surfing the web during work hours.
> Manager has requested to configure Router 5 to block these users and let
> them go to your internal webserver at 148.1.3.100". After work hours they
> can have full access. Work hours are from 9Am to 5PM Mon to Friday. Use
> minimum amount of access-list to accomplish this.
>
> The solution says:
>
> ip access-list extended DENY_INTERNET_SURFING
> permit ip any any time-range NON_WORK_HOURS
> permit tcp any host 148.1.3.100 eq www
>
> time-range NON_WORK_HOURS
> periodic weekend 0:00 to 23:59
> periodic weekdays 00:00 to 8:59
> periodic weekday 17:01 to 23:59
>
> interface e0/1
> ip access-group DENY_INTERNET_SURFING in
>
> My confusion is that with the above solution, wouldn't the router allow only
> ip traffic during non work hours and block all ip traffic during work hours
> as there is a deny all at the end? which means that they will not be able to
> communicate with any device except the webserver during work hours behind
> router 5?
>
> Regards,
>
> Ahmed.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: nowy1981: "MQC FRTS+ LLQ+CBWFQ"
• Previous message: Jonny English: "Re: OT:Dumps are already out for open-ended questions!!"
• Maybe in reply to: Ahmed Ejaz: "Access-List Confusion"
• Next in thread: Jared Scrivener: "RE: Access-List Confusion"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:08 ART