I designed this example on purpose: you must allow PING (that is, ICMP) and disallow TELNET (that is, TCP port 23) at the same time, so you are forced to use an "Extended" ACL. This is because we have to use one ACL to allow and disallow packets of different services from the same source IP address, which is not possible with a "Standard" ACL.
A sample ACL and its application could look like this:
interface Serial0/0/0
 ip address 10.1.1.1 255.255.255.0
 ip access-group 100 in
 clock rate 64000
!
access-list 100 deny tcp any 192.168.0.0 0.0.255.255 eq telnet
access-list 100 permit ip any any
The above sample assumes you apply it on the inbound direction of "Serial0/0/0". We can also apply the same ACL on the outbound direction of "FastEthernet0/0" and "FastEthernet0/1" to achieve the same protection.
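The first-match evaluation behind the sample ACL, as an added Python example that is not part of the original post. The packet addresses are constructed, and the model covers only protocol, addresses with wildcard masks, and destination port:

```python
import ipaddress

# Constructed model of the page's ACL 100; the first matching entry wins,
# and IOS ends every ACL with an implicit "deny ip any any".
ACL_100 = [
    # (action, protocol, source, destination, destination port)
    ("deny", "tcp", "any", ("192.168.0.0", "0.0.255.255"), 23),
    ("permit", "ip", "any", "any", None),
]

def addr_match(spec, addr):
    """Match an address against 'any' or a (base, wildcard) pair."""
    if spec == "any":
        return True
    base, wildcard = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first entry that matches the packet."""
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto not in ("ip", proto):
            continue  # "ip" matches every protocol, including ICMP
        if not (addr_match(a_src, src) and addr_match(a_dst, dst)):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"  # implicit deny when nothing matched

# Constructed packets: (protocol, source, destination, destination port)
SAMPLES = [
    ("icmp", "10.1.1.2", "192.168.1.10", None),  # ping
    ("tcp", "10.1.1.2", "192.168.1.10", 23),     # telnet into 192.168.0.0/16
    ("tcp", "10.1.1.2", "192.168.1.10", 80),     # other TCP service
    ("tcp", "10.1.1.2", "172.16.0.5", 23),       # telnet outside the range
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(ACL_100, *pkt))
```

Swapping the two entries makes `permit ip any any` match first, so the telnet deny is never reached; entry order is part of the policy.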
Also remember: a test question about ACLs is always framed so that it has one possible answer. In daily life, there is often more than one possible answer to the requirements you are given. Be creative about the possible answers for an ACL!