|
Home > Archive > alt.certification.cisco > September 2003 > wrong answer to practice question?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
wrong answer to practice question?
|
|
| Nathaniel W. Cook 2003-09-24, 3:25 pm |
| Hello,
There is a question in Todd Lammle's CCNA book that confuses me. The question is:
What happens when an access list is applied to an interface when the keywords in or out have not been included in the command syntax?
A. The access list will not be applied to the interface.
B. The access list will be applied inbound by default.
C. The access list will be applied outbound by default.
D. The access list will be applied inbound and outbound.
Answer?
According to the book the answer is:
C. If neither the keyword in nor out is used when applying an access list to an interface, the access list will be applied outbound by default. If you have planned to implement security inbound to the interface, ensure that you have used the in keyword.
But I tried it on a 2500 router and this is what I got:
East#config t
Enter configuration commands, one per line. End with CNTL/Z.
East(config)#access-list 1 permit 192.168.1.2
East(config)#int e0
East(config-if)#ip access-group 1 ?
in inbound packets
out outbound packets
East(config-if)#ip access-group 1
% Incomplete command.
| |
|
| *** post for FREE via your newsreader at post.newsfeed.com ***
Hi
Have you checked www.Sybex.com for any corrections to the book. They list
several amendments to the CCNA books.
HTH
--
Regards
Japes
Have you found any Celestine Insights in your life yet?
"Nathaniel W. Cook" <nospam_nathanielcook@comcast.net> wrote in message
news:8tidnU6iGtc1eeyiXTWJhQ@co
mcast.com...
Hello,
There is a question in Todd Lammle's CCNA book that confuses me. The
question is:
What happens when an access list is applied to an interface when the
keywords in or out have not been included in the command syntax?
A. The access list will not be applied to the interface.
B. The access list will be applied inbound by default.
C. The access list will be applied outbound by default.
D. The access list will be applied inbound and outbound.
Answer?
According to the book the answer is:
C. If neither the keyword in nor out is used when applying an access list to
an interface, the access list will be applied outbound by default. If you
have planned to implement security inbound to the interface, ensure that you
have used the in keyword.
But I tried it on a 2500 router and this is what I got:
East#config t
Enter configuration commands, one per line. End with CNTL/Z.
East(config)#access-list 1 permit 192.168.1.2
East(config)#int e0
East(config-if)#ip access-group 1 ?
in inbound packets
out outbound packets
East(config-if)#ip access-group 1
% Incomplete command.
-----= Posted via Newsfeed.Com, Uncensored Usenet News =-----
http://www.newsfeed.com - The #1 Newsgroup Service in the World!
-----== 100,000 Groups! - 19 Servers! - Unlimited Download! =-----
| |
| Robert Smales 2003-09-24, 6:25 pm |
| Nathaniel W. Cook wrote:
> Hello,
>
> There is a question in Todd Lammle's CCNA book that confuses me. The
> question is:
>
> What happens when an access list is applied to an interface when the
> keywords in or out have not been included in the command syntax?
>
> A. The access list will not be applied to the interface.
> B. The access list will be applied inbound by default.
> C. The access list will be applied outbound by default.
> D. The access list will be applied inbound and outbound.
>
> Answer?
>
> According to the book the answer is:
>
> C. If neither the keyword in nor out is used when applying an access list
> to an interface, the access list will be applied outbound by default. If
> you have planned to implement security inbound to the interface, ensure
> that you have used the in keyword.
>
> But I tried it on a 2500 router and this is what I got:
>
> East#config t
> Enter configuration commands, one per line. End with CNTL/Z.
> East(config)#access-list 1 permit 192.168.1.2
> East(config)#int e0
> East(config-if)#ip access-group 1 ?
> in inbound packets
> out outbound packets
>
> East(config-if)#ip access-group 1
> % Incomplete command.
Odom's Certification Guide for 640-607 says that in IOS version 11.3 and
earlier, the default direction for an access-group statement is "out" and
that with version 12.0 and beyond you have to specify in or out (p. 500).
Robert
| |
| Nathaniel W. Cook 2003-09-24, 8:25 pm |
| Thanks, that explains it. This (and I think other things also) are NOT
listed in the errata of the Sybex website.
Nathaniel
"Robert Smales" <deor@greenyonder.co.uk> wrote in message
news Uncb.4459$z85.39821504@news-text.cableinet.net...
> Nathaniel W. Cook wrote:
>
> > Hello,
> >
> > There is a question in Todd Lammle's CCNA book that confuses me. The
> > question is:
> >
> > What happens when an access list is applied to an interface when the
> > keywords in or out have not been included in the command syntax?
> >
> > A. The access list will not be applied to the interface.
> > B. The access list will be applied inbound by default.
> > C. The access list will be applied outbound by default.
> > D. The access list will be applied inbound and outbound.
> >
> > Answer?
> >
> > According to the book the answer is:
> >
> > C. If neither the keyword in nor out is used when applying an access
list
> > to an interface, the access list will be applied outbound by default.
If
> > you have planned to implement security inbound to the interface, ensure
> > that you have used the in keyword.
> >
> > But I tried it on a 2500 router and this is what I got:
> >
> > East#config t
> > Enter configuration commands, one per line. End with CNTL/Z.
> > East(config)#access-list 1 permit 192.168.1.2
> > East(config)#int e0
> > East(config-if)#ip access-group 1 ?
> > in inbound packets
> > out outbound packets
> >
> > East(config-if)#ip access-group 1
> > % Incomplete command.
>
> Odom's Certification Guide for 640-607 says that in IOS version 11.3 and
> earlier, the default direction for an access-group statement is "out" and
> that with version 12.0 and beyond you have to specify in or out (p. 500).
>
> Robert
| |
|
| In this rare occasion Todd Lammle is correct. Which IOS version are you
using?
"Nathaniel W. Cook" <nospam_nathanielcook@comcast.net> wrote in message
news:8tidnU6iGtc1eeyiXTWJhQ@co
mcast.com...
Hello,
There is a question in Todd Lammle's CCNA book that confuses me. The
question is:
What happens when an access list is applied to an interface when the
keywords in or out have not been included in the command syntax?
A. The access list will not be applied to the interface.
B. The access list will be applied inbound by default.
C. The access list will be applied outbound by default.
D. The access list will be applied inbound and outbound.
Answer?
According to the book the answer is:
C. If neither the keyword in nor out is used when applying an access list to
an interface, the access list will be applied outbound by default. If you
have planned to implement security inbound to the interface, ensure that you
have used the in keyword.
But I tried it on a 2500 router and this is what I got:
East#config t
Enter configuration commands, one per line. End with CNTL/Z.
East(config)#access-list 1 permit 192.168.1.2
East(config)#int e0
East(config-if)#ip access-group 1 ?
in inbound packets
out outbound packets
East(config-if)#ip access-group 1
% Incomplete command.
| |
| Nathaniel W. Cook 2003-09-25, 1:25 am |
| Hi Grey,
sh ver says:
IOS (tm) 2500 Software (C2500-D-L), Version 12.0(21), RELEASE SOFTWARE (fc1)
so version 12 then-
I am curious- how is Todd Lammle correct?
thx
Nathaniel
"Grey" <bbb@ccc.com> wrote in message
news:jv-dnVgkNq2T3e-iXTWJkQ@comcast.com...
> In this rare occasion Todd Lammle is correct. Which IOS version are you
> using?
>
>
> "Nathaniel W. Cook" <nospam_nathanielcook@comcast.net> wrote in message
> news:8tidnU6iGtc1eeyiXTWJhQ@co
mcast.com...
> Hello,
>
> There is a question in Todd Lammle's CCNA book that confuses me. The
> question is:
>
> What happens when an access list is applied to an interface when the
> keywords in or out have not been included in the command syntax?
>
> A. The access list will not be applied to the interface.
> B. The access list will be applied inbound by default.
> C. The access list will be applied outbound by default.
> D. The access list will be applied inbound and outbound.
>
> Answer?
>
> According to the book the answer is:
>
> C. If neither the keyword in nor out is used when applying an access list
to
> an interface, the access list will be applied outbound by default. If you
> have planned to implement security inbound to the interface, ensure that
you
> have used the in keyword.
>
> But I tried it on a 2500 router and this is what I got:
>
> East#config t
> Enter configuration commands, one per line. End with CNTL/Z.
> East(config)#access-list 1 permit 192.168.1.2
> East(config)#int e0
> East(config-if)#ip access-group 1 ?
> in inbound packets
> out outbound packets
>
> East(config-if)#ip access-group 1
> % Incomplete command.
>
>
| |
|
| When I was studying for CCNA (3 years ago), the default for the
"access-group" command was "out". I had no idea it has changed since then.
Wendell Odom's book that I have doesn't mention it. Apparently, this was
changed starting in IOS 12.0, and the newer edition of Wendell Odom's book
reflected the change. When answering your question, I suspected the
discrepancy was due to a difference in IOS versions, but the reply to your
post from Robert Smales clarified it. He wrote that "in IOS version 11.3 and
earlier, the default direction for an access-group statement is 'out' and
.... with version 12.0 and beyond you have to specify in or out (p. 500)."
So, thanks to your question I too learned something new. I doubt this
question will be on the actual test due to the recent change in its default
implementation. You may be reading an older book by Todd Lammle, or maybe
Todd doesn't realize this command doesn't take defaults anymore.
Grey
"Nathaniel W. Cook" <nospam_nathanielcook@comcast.net> wrote in message
news:TIidnQTPr59g6--iU-KYuA@comcast.com...
> Hi Grey,
>
> sh ver says:
> IOS (tm) 2500 Software (C2500-D-L), Version 12.0(21), RELEASE SOFTWARE
(fc1)
>
> so version 12 then-
>
> I am curious- how is Todd Lammle correct?
>
> thx
> Nathaniel
>
> "Grey" <bbb@ccc.com> wrote in message
> news:jv-dnVgkNq2T3e-iXTWJkQ@comcast.com...
> > In this rare occasion Todd Lammle is correct. Which IOS version are you
> > using?
> >
> >
> > "Nathaniel W. Cook" <nospam_nathanielcook@comcast.net> wrote in message
> > news:8tidnU6iGtc1eeyiXTWJhQ@co
mcast.com...
> > Hello,
> >
> > There is a question in Todd Lammle's CCNA book that confuses me. The
> > question is:
> >
> > What happens when an access list is applied to an interface when the
> > keywords in or out have not been included in the command syntax?
> >
> > A. The access list will not be applied to the interface.
> > B. The access list will be applied inbound by default.
> > C. The access list will be applied outbound by default.
> > D. The access list will be applied inbound and outbound.
> >
> > Answer?
> >
> > According to the book the answer is:
> >
> > C. If neither the keyword in nor out is used when applying an access
list
> to
> > an interface, the access list will be applied outbound by default. If
you
> > have planned to implement security inbound to the interface, ensure that
> you
> > have used the in keyword.
> >
> > But I tried it on a 2500 router and this is what I got:
> >
> > East#config t
> > Enter configuration commands, one per line. End with CNTL/Z.
> > East(config)#access-list 1 permit 192.168.1.2
> > East(config)#int e0
> > East(config-if)#ip access-group 1 ?
> > in inbound packets
> > out outbound packets
> >
> > East(config-if)#ip access-group 1
> > % Incomplete command.
> >
> >
>
>
| |
| Nathaniel W. Cook 2003-09-25, 12:25 pm |
| ok thx
"Grey" <bbb@ccc.com> wrote in message
news:KeWdnetLKYYCRO-iU-KYiA@comcast.com...
> When I was studying for CCNA (3 years ago), the default for the
> "access-group" command was "out". I had no idea it has changed since then.
> Wendell Odom's book that I have doesn't mention it. Apparently, this was
> changed starting in IOS 12.0, and the newer edition of Wendell Odom's book
> reflected the change. When answering your question, I suspected the
> discrepancy was due to a difference in IOS versions, but the reply to your
> post from Robert Smales clarified it. He wrote that "in IOS version 11.3
and
> earlier, the default direction for an access-group statement is 'out' and
> ... with version 12.0 and beyond you have to specify in or out (p. 500)."
>
> So, thanks to your question I too learned something new. I doubt this
> question will be on the actual test due to the recent change in its
default
> implementation. You may be reading an older book by Todd Lammle, or maybe
> Todd doesn't realize this command doesn't take defaults anymore.
>
> Grey
>
> "Nathaniel W. Cook" <nospam_nathanielcook@comcast.net> wrote in message
> news:TIidnQTPr59g6--iU-KYuA@comcast.com...
> > Hi Grey,
> >
> > sh ver says:
> > IOS (tm) 2500 Software (C2500-D-L), Version 12.0(21), RELEASE SOFTWARE
> (fc1)
> >
> > so version 12 then-
> >
> > I am curious- how is Todd Lammle correct?
> >
> > thx
> > Nathaniel
> >
> > "Grey" <bbb@ccc.com> wrote in message
> > news:jv-dnVgkNq2T3e-iXTWJkQ@comcast.com...
> > > In this rare occasion Todd Lammle is correct. Which IOS version are
you[c
olor=darkred]
> > > using?
> > >
> > >
> > > "Nathaniel W. Cook" <nospam_nathanielcook@comcast.net> wrote in[/color]
message
> > > news:8tidnU6iGtc1eeyiXTWJhQ@co
mcast.com...
> > > Hello,
> > >
> > > There is a question in Todd Lammle's CCNA book that confuses me. The
> > > question is:
> > >
> > > What happens when an access list is applied to an interface when the
> > > keywords in or out have not been included in the command syntax?
> > >
> > > A. The access list will not be applied to the interface.
> > > B. The access list will be applied inbound by default.
> > > C. The access list will be applied outbound by default.
> > > D. The access list will be applied inbound and outbound.
> > >
> > > Answer?
> > >
> > > According to the book the answer is:
> > >
> > > C. If neither the keyword in nor out is used when applying an access
> list
> > to
> > > an interface, the access list will be applied outbound by default. If
> you
> > > have planned to implement security inbound to the interface, ensure
that
> > you
> > > have used the in keyword.
> > >
> > > But I tried it on a 2500 router and this is what I got:
> > >
> > > East#config t
> > > Enter configuration commands, one per line. End with CNTL/Z.
> > > East(config)#access-list 1 permit 192.168.1.2
> > > East(config)#int e0
> > > East(config-if)#ip access-group 1 ?
> > > in inbound packets
> > > out outbound packets
> > >
> > > East(config-if)#ip access-group 1
> > > % Incomplete command.
> > >
> > >
> >
> >
>
>
| |
| Nathaniel W. Cook 2003-09-25, 6:25 pm |
| Yes I've noticed the same thing. It's very annoying when he asks a review
question on something he never covered in the actual text itself. Still all
in all it should be enough to let us pass the test. I hope to take the
640-607 next week sometime.
Nathaniel
"John" <jschenk@nospam.comcast.net> wrote in message
newsan.2003.09.25.20.58.42.470580@nospam.comcast.net...
> On Wed, 24 Sep 2003 21:09:08 -0400, Grey wrote:
>
> > In this rare occasion Todd Lammle is correct. Which IOS version are you
> > using?
> >
>
>
> Hmmm...I've been using Lammie's book to review for quite a
> while now. I've come across some questions (and the answers that
> he provides) that do not seem to make any sense, based on the
> text in the book. Seeing this, I'm wondering there are others that
> have noticed this as well.
>
> Regards,
>
> John
>
>
|
|
|
|
|