CCIE Routing and Switching Practice Labs

Section 9: Security (8 Points)

Configure a reflexive access list on R6 and apply it to the R6-a3/0 internal interface, allowing BGP and any other interesting traffic.

If you configured this correctly as shown in Example 5-45, you have scored 3 points.

Example 5-45 has the output configuration for the reflexive access list that accomplishes the question requirements. Reflexive access list s allow IP packets to be filtered based on upper-layer session information and the requirements implies to look at BGP packets on R6 and the relevant traffic is ICMP.

Example 5-45. R6 Reflexive Access List Configuration

R6#sh run int a3/0 Building configuration... Current configuration : 147 bytes ! interface ATM3/0 ip access-group in_filters in ip access-group ...

Get CCIE Routing and Switching Practice Labs now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

CCIE Routing and Switching Practice Labs by Martin Duggan, Maurilio Gorito

Section 9: Security (8 Points)

Example 5-45. R6 Reflexive Access List Configuration

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly