Re: RE: OT - A puzzle for CCIE Students from Narbik Kocharians on 2010-10-22 (Ccielab archives 10/2010)

From: Narbik Kocharians <narbikk_at_gmail.com>
Date: Fri, 22 Oct 2010 08:39:30 -0700

Here is a list:

1. Filter all RIPs updates coming from R2 on R3 fa0/0 interface with
access-list/prefix-list/route-map and vice versa.
2. Filter the default route from R2 on R3 and vice versa.
3. Instead of filtering, you could also use the distance command and set it
to 255.
4. Filter default from R2 on R3, and R3 to R2 using an "Offset-list in".
5. Configure passive-interface on the F0/0 interfaces of R2 and R3, and then
on Both routers configure a "Neighbor R1".
6. Configure the ports that R2 and R3 are connected as "swi Protect".
7. Configure Private Vlan; configuring the F0/0 interface of R2 and R3 in
Isolated, and the F0/0 interface of R1 in primary.
8. Mac ACLs or an IP access-list and a Vlan Access-map that denies the two
routers from communicating.
9. Configuring an MQC that matches on the destination-address MAC and drops
that traffic in the policy-map thats assigned to the F0/0 interface of R2
and Vice versa.
10. Dropping the traffic by filtering the MAC on the switchports.
11. Put R2 and R3 in different subnets and do a "no validate-update source"
on R1.
Try to add another one to the list.
On Fri, Oct 22, 2010 at 4:09 AM, Tanvir Afsar <tanvir.afsar_at_gmail.com>wrote:

> Block incoming Default route on R2 and R3.
>
> Regards Tanvir
>
>
>
> On 22 October 2010 15:40, Ryan DeBerry <rdeberry_at_gmail.com> wrote:
> > What a way to start off the morning. Change ip on r2 or r3 to different
> > subnet, no validate update source on r1.
> >
> > On Oct 22, 2010 2:03 AM, "Joseph L. Brunner" <joe_at_affirmedsystems.com>
> > wrote:
> >
> > No ip cef on R1 kid
> >
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> ...
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>

-- 
Narbik Kocharians
CCSI#30832, CCIE# 12410 (R&S, SP, Security)
www.MicronicsTraining.com
Sr. Technical Instructor
YES! We take Cisco Learning Credits!
Training And Remote Racks available
Blogs and organic groups at http://www.ccie.net

Received on Fri Oct 22 2010 - 08:39:30 ART

This archive was generated by hypermail 2.2.0 : Mon Nov 01 2010 - 06:42:06 ART