RE: Query CBAC implementation

From: Keith Barker <kbarker_at_ine.com>
Date: Thu, 29 Apr 2010 12:55:20 -0700

Hello Vibs-

Great question. As you stated, as long as the traffic is inspected before
it hits the wire on S0/0/0 it should work.

So regarding the lab, if it was really ONLY those 2 interfaces, I would
consider how it may be graded.

Do they run traffic through, and measure results?
Do they use a show ip inspect all, and look at the results?
Do they look for the inspection rule applied to an interface?

In any case, make sure that the name of the inspection rule exactly matches
what was asked for, including case.

My opinion, if it was me in the lab today, I would do this:

R5(config)#int fa 0/0
R5(config-if)#! I put the inspection rule ingress here and egress on S0/0/0 - so you would be sure to see it :)
R5(config-if)#ip inspect inspection-name1 in
R5(config-if)#int ser 0/0/0
R5(config-if)#ip inspect inspection-name1 out
R5(config-if)#! I put the inspection rule egress here and ingress on Fa0/0 - so you would be sure to see it :)

That way, if a human actually does look at it, you are demonstrating that
you were covering your bases, and not fishing.

Best wishes,

Keith

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Vibeesh S
Sent: Thursday, April 29, 2010 6:39 AM
To: Cisco certification
Subject: Query CBAC implementation

Hi,

Assuming that I have a router with the following interfaces:

F0/0 ---- Router ---- S0/0/0

If I am configuring CBAC for traffic going out of my LAN to the internet

Is this

conf t
inte f0/0
ip inspect inspection-name1 in

the same desired implementation as

conf t
inter s0/0/0
ip inspect inspection-name1 out

If so, is configuring either one of them acceptable in the lab?
Or are there any limitations/practices?

Thanks,
Vibs
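
The check discussed in this thread, as an added example that is not part of either e-mail: a small auditor that reads a running-config excerpt and reports whether the named inspection rule covers LAN-to-internet traffic (ingress on the inside interface or egress on the outside one) and whether an applied name differs from the requested one only in case. The function names, the sample configs and the assumption that interface sub-commands are indented as in `show running-config` output are constructed for illustration.

```python
import re

def parse_inspect(config):
    """Return (defined rule names, {interface: {direction: rule name}})."""
    defined, applied, iface = set(), {}, None
    for raw in config.splitlines():
        line, sub = raw.strip(), raw[:1].isspace()
        if not sub:  # global-level line: either opens an interface or ends one
            m = re.match(r"interface (\S+)", line)
            iface = m.group(1) if m else None
            m = re.match(r"ip inspect name (\S+) \S+", line)
            if m:
                defined.add(m.group(1))
        elif iface:
            m = re.match(r"ip inspect (\S+) (in|out)$", line)
            if m:
                applied.setdefault(iface, {})[m.group(2)] = m.group(1)
    return defined, applied

def check_path(config, rule, inside, outside):
    """Check LAN-to-internet coverage: ingress on `inside` or egress on `outside`."""
    defined, applied = parse_inspect(config)
    findings = []
    if rule not in defined:
        findings.append(f"rule {rule!r} is not defined")
    wanted = [(inside, "in"), (outside, "out")]
    covered = [f"{i} {d}" for i, d in wanted if applied.get(i, {}).get(d) == rule]
    if not covered:
        findings.append("rule is not applied anywhere on the outbound path")
    for i, d in wanted:
        name = applied.get(i, {}).get(d)
        if name and name != rule and name.lower() == rule.lower():
            findings.append(f"{i} {d}: name {name!r} differs from {rule!r} only in case")
    return covered, findings

# Constructed running-config excerpt: rule applied at both points of the path.
BOTH = """\
ip inspect name inspection-name1 tcp
!
interface FastEthernet0/0
 ip inspect inspection-name1 in
!
interface Serial0/0/0
 ip inspect inspection-name1 out
"""
# Constructed variants: one application point only, and a case typo.
INSIDE_ONLY = BOTH.replace(" ip inspect inspection-name1 out\n", "")
WRONG_CASE = INSIDE_ONLY.replace("inspection-name1 in", "Inspection-Name1 in")

if __name__ == "__main__":
    for cfg in (BOTH, INSIDE_ONLY, WRONG_CASE):
        print(check_path(cfg, "inspection-name1", "FastEthernet0/0", "Serial0/0/0"))
```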
