Kevin Dorrell, CCIE #20765

16 Feb 2008

NMC Lab 7.12 – Security

Filed under: Security — dorreke @ 11:59

I racked my brains about where to activate this access list. Logically, I would put it as an incoming access-list on the Internet connection. It would definitely be a question for the proctor: “Which interface will be connected to the Internet?” I applied it to Fa0/0, which happens to be the same as the SHOWiT.

What did they mean by “Packets destined for the default network”? The nearest entry they have in their access-list for that is deny ip any host 0.0.0.0. Is that what they were referring to? For me, that was one of the two entries I put in for “broadcast packets”. So I went one stage further and guessed deny ip any 0.0.0.0 0.255.255.255. I wonder whether I would have been marked down for that.

They also wanted to block multicast packets.  I blocked just the multicast range deny ip any 224.0.0.0 15.255.255.255.  That is what they do in the AK, but the SHOWiT has deny ip any 224.0.0.0 31.255.255.255.  I hope either would be accepted.

There are so many questions here that I am bound to have fallen foul of one of them, so “Nil points”, which is depressing.
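The destination ranges matched by the four entries quoted above can be compared with a small wildcard-mask evaluator; this is an added example, not part of the original post or the lab material, and the sample destination addresses are constructed. With the 31.255.255.255 wildcard the entry matches 224.0.0.0 through 255.255.255.255, so it covers 240.0.0.0/4 and the limited broadcast address as well as multicast.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def acl_matches(addr, base, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def acl_span(base, wildcard):
    """Lowest and highest address an entry matches.

    This is the exact matched range when the wildcard bits are contiguous,
    which is the case for every entry below.
    """
    w = _to_int(wildcard)
    low = _to_int(base) & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | w))

# Destination part of the entries quoted in the post: (base, wildcard).
# "host 0.0.0.0" is shorthand for base 0.0.0.0 with wildcard 0.0.0.0.
ENTRIES = {
    "host 0.0.0.0": ("0.0.0.0", "0.0.0.0"),
    "0.0.0.0 0.255.255.255": ("0.0.0.0", "0.255.255.255"),
    "224.0.0.0 15.255.255.255": ("224.0.0.0", "15.255.255.255"),
    "224.0.0.0 31.255.255.255": ("224.0.0.0", "31.255.255.255"),
}

# Constructed sample destinations (not taken from the lab).
SAMPLES = ["0.0.0.0", "0.1.2.3", "224.0.0.5", "239.255.255.250",
           "240.0.0.1", "255.255.255.255", "192.0.2.10"]

def coverage():
    """Map each entry to the sample destinations it would deny."""
    return {name: [d for d in SAMPLES if acl_matches(d, b, w)]
            for name, (b, w) in ENTRIES.items()}

if __name__ == "__main__":
    hits = coverage()
    for name, (b, w) in ENTRIES.items():
        first, last = acl_span(b, w)
        print(f"{name:26} {first} - {last}  denies {hits[name]}")
```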
