CCIE - Internetwork Expert's Online Community

Hi,

I just completed Lab 5 of IEWB volume 2, but I completed task 8.1 and 8.2 differently than what is shown in the Solutions Guide.

For Task 8.1, I configured CBAC as follows:

ip inspect name TASK8.1 tcp router-traffic
ip inspect name TASK8.1 udp
ip inspect name TASK8.1 icmp router-traffic

interface Ethernet0/0
 ip address 204.12.1.4 255.255.255.0
 ip access-group TASK8.1 in
 ip inspect TASK8.1 out

Rack1R4#sh ip access-lists
Extended IP access list TASK8.1
    10 permit udp any eq rip any eq rip (3975 matches)
    20 permit tcp any eq bgp any
    30 permit tcp any any eq bgp

And for Task 8.2, I configured a port ACL on SW2 instead of a VLAN ACL as in the solutions guide:

SW2:
ip access-list extended TASK8.2
 deny   icmp 205.90.31.0 0.0.0.255 any echo
 permit ip any any

interface f1/24
ip access-group TASK8.2 in

Do you think those two are possible solutions for the tasks? I don't think I've broken any of the requirements and the solution seems to accompish the ultimate goal of the task, no? I would really appreciate some comments here.

Regards,
Pavel

CBAC should be fine for the first.  For the second it would depend how the proctor interpretes the question as you are not blocking traffic sent to R1 and R6 on vlan 162 from the 205.x.x.x network.  The traffic will only be blocked if it comes from behind f 0/24.

Hi there,

This morning I finish  task 8.1 and 8.2 but i am  bit confused with with  the solution guide. The Vlan 162 is spread over SW1 and SW2 but the vlan 162 filtering was applied to SW1. Can anyone explain me why its not applied the vlan filtering to SW2 ?

I am wondering the same thing.... Why would the VACL be applied to SW1?  BB2 and R6 are connected to SW2.  The VACL would never take effect on R6 if applied to SW1 would it?  I applied the config to SW2.