Access Control Lists (How ...
    19 November 08

    Access Control Lists (How to Fail a Task without Really Trying)

    Posted byINE

    Hello to all our faithful blog readers, I hope this post find you very well, and enjoying your studies!

    Access list tasks are a common CCIE Lab Exam feature, and I wanted to take a moment to show how easy it can be for a candidate to miss one thing or many things in such a task.

    Here is the task topology and the task itself. Following that we have the proposed solution by a Mock Student :-)

    Can you find the errors in his or her ways?

    The Topology

    The Task


    Traffic Filtering

    8.1 Configure a security filter on R3 that will accomplish the following for traffic entering the router from the direction of R2:

    • Allow Telnet from R2 (S0/1) to R1 (Lo1)
    • Allow BGP traffic through the router
    • Allow ICMP ping traffic between R1 (Lo1) and R2 (Lo1)
    • Block any traffic sourced from RFC 1918 addresses – log these violations and include Layer 2 address information

    4 points

    The Proposed Solution

    access-list 100 permit tcp host eq telnet host eq telnet
    access-list 100 permit tcp any any eq bgp
    access-list 100 permit icmp host host
    access-list 100 permit icmp host host
    access-list 100 deny ip any log
    access-list 100 deny ip any log
    access-list 100 deny ip any log
    interface Serial1/2
    ip access-group 100 in

    NOTE: I have posted a solution to this blog in the comments. The solution post date is November 20th, 2008.

    Hey! Don’t miss anything - subscribe to our newsletter!

    © 2022 INE. All Rights Reserved. All logos, trademarks and registered trademarks are the property of their respective owners.
    instagram Logofacebook Logotwitter Logolinkedin Logoyoutube Logo