Kevin Dorrell, CCIE #20765

16 Feb 2008

NMC Lab 7.12 – Security

Filed under: Security — dorreke @ 11:59

I racked my brains about where to activate this access list.  Logically, I would put it as an incoming access-list on the Internet connection.  It would be definitely a question for the proctor: “Which interface will be connected to the Internet?”  I applied it to Fa0/0, which happens to be the same as the SHOWiT.

What did they mean “”Packets destined for the default network”?  The nearest entry they have in their access-list for that is deny ip any host  Is that what they were referring to.  For me, that was one of the two entries I put in for “broadcast packets”.  So I went one stage further and guessed deny ip any  I wonder whether I would have been marked down for that.

They also wanted to block multicast packets.  I blocked just the multicast range deny ip any  That is what they do in the AK, but the SHOWiT has deny ip any  I hope either would be accepted.

There are so many questions here that I am bound to have fallen foul of one of them, so “Nil points”, which is depressing.


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

%d bloggers like this: