Hi all,
Does anyone have any thoughts on what you might do in the exam in a scenario
where you have to deny everything for a reflexive ACL or CBAC or whatever?
I noticed in the CBAC examples on the DocCD they recommend the following:

access-list 100 deny tcp any any
access-list 100 deny udp any any
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any packet-too-big
access-list 100 permit icmp any any traceroute
access-list 100 permit icmp any any unreachable
access-list 100 deny ip any any

Some vendor workbooks just go with something like this:

ip access-list extended CBAC-IN
 permit icmp any any port-unreachable
 permit icmp any any time-exceeded
 permit eigrp any any
 deny ip any any log

Would you lose points for having all the extra stuff the DocCD recommends if
not explicitly told to put it in?
Received on Fri Jul 24 2009 - 15:41:10 ART