| Author |
640-801 simulation questions
|
|
| Kentucky 2004-03-31, 5:52 am |
| failed.please help.640-801.
I had 4 labs : rip ospf access-list
when you create access-list for the sims do you create them with numbers or without numbers.
Configuration denying telnet access:
access-list 100 deny tcp 192.168.0.0 0.0.255.255 172.16.0.0 0.0.255.255 eq 23
access-list 100 permit ip any any
Anyone who has made it please tell me how you configured your access-list.I'm very confortable with the command syntax just need help on configuration for the exam cause i tried it on my router and it works
perfectly. | |
| Boulware5 2004-03-31, 12:17 pm |
| Um I voted for "please help"  | |
| worrywarm 2004-03-31, 7:12 pm |
| I had access-list to prevent telnet on my test, but I'm not sure what you mean exactly. Usually what you need to make sure what the question is asking from you. Is it to only deny the telnet traffic to a router(a particular port ip address), or it requires to deny the telnet to a whole subnet? Obviously yours denied the traffic to the whole subnet 172.16.0.0. Then make sure it's IN or OUT.
Hope this helps.
 | |
| Kentucky 2004-04-01, 2:07 am |
| it was to deny telnet traffic to a particular subnet.if u use a standard access-list u basically deny the whole tcp /ip protocol.can you maybe tell me if there is anything wrong with my command syntax.it only accepted standard access-list command syntax. | |
| overkast 2004-04-01, 2:19 am |
| I think you may mean "standard" extended access list syntax!! | |
| christian7 2004-04-01, 5:14 pm |
| Hey Kentucky, are you from the state of Kentucky by any chance? I live in Kentucky, just wanted to know being nosie. | |
| Kentucky 2004-04-02, 1:28 am |
| I'm from south africa. | |
| Sexy Lexy 2004-04-02, 6:11 am |
| quote:
Originally posted by Kentucky
failed.please help.640-801.
I had 4 labs : rip ospf access-list
when you create access-list for the sims do you create them with numbers or without numbers.
Configuration denying telnet access:
access-list 100 deny tcp 192.168.0.0 0.0.255.255 172.16.0.0 0.0.255.255 eq 23
access-list 100 permit ip any any
Anyone who has made it please tell me how you configured your access-list.I'm very confortable with the command syntax just need help on configuration for the exam cause i tried it on my router and it works
perfectly.
The syntax is the same in the exam and on the routers IOS.
Looks like a standard access list blocking telnet.
As long as you have configured the access list on the correct interface there shouldn't be a problem.
 | |
| forbesl 2004-04-03, 10:51 am |
| The best way to do this is with a standard (not extended) access list applied to your vty lines.
access-list 50 deny 192.168.0.0 0.0.255.255
access-list 50 permit any
line vty 0 4
access-class 50 in
transport input telnet
This will deny that network from telnet access to the router and permit all others (although on a production router, I'd permit telnet access only to needed HOSTS instead of an entire network or networks). | |
| Kentucky 2004-04-05, 5:46 am |
| THANKS. TRIED IT ON MY ROUTER AND IT WORKS FINE. | |
| forbesl 2004-04-05, 8:08 am |
| You're welcome. | |
| dminute 2004-04-07, 2:07 am |
| Just so you know, the access-class does not work on the sim.
You have to use an extended access list to block telnet to the router interfaces or its networks. | |
| Kentucky 2004-04-07, 2:49 am |
| the questions are ambigious.do you first create a dummy access-list and see if it permits you to apply it to the vty lines.if it does i guess you know you have to set it up to the vty lines and no to the various serial interfaces. | |
| dminute 2004-04-08, 8:43 pm |
| They are definitely ambigous. I tried the command on the exam and the sim said it wasn't a supported command. |
|
|
|