Scenario 8-1 Solution

A1: The network administrator can quickly configure an extended access list that permits all ICMP, UDP, or TCP, as shown in Example 8-12, and apply it inbound on R2's Serial 0/0 interface. (The configuration is truncated to focus on the critical configuration.)
Example 8-12. Access List Configuration on R2
hostname R2
!
interface Serial0/0
 ip address 131.108.255.2 255.255.255.252
 ip access-group 100 in
!
access-list 100 permit icmp any any log-input
access-list 100 permit tcp any any log-input
access-list 100 permit udp any any log-input
!
end

To determine the traffic type, access list 100 allows ICMP, UDP, and TCP inbound on Serial 0/0. Logging is also enabled with the keyword log-input. Assuming the DoS ...
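One way to act on the `log-input` output, as an added example that is not from the book: a Python tally of access list 100 log entries by protocol and by source, which shows which traffic type dominates. The log lines are constructed samples in the general shape of IOS `%SEC-6-IPACCESSLOG` messages; the addresses, packet counts, interface annotation, and the `summarize` helper are assumptions.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not captured from a real router). The source
# addresses, counts and the "(Serial0/0 *HDLC*)" annotation are illustrative.
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGDP: list 100 permitted icmp 192.0.2.10 (Serial0/0 *HDLC*) -> 131.108.1.1 (8/0), 1 packet
%SEC-6-IPACCESSLOGDP: list 100 permitted icmp 192.0.2.10 (Serial0/0 *HDLC*) -> 131.108.1.1 (8/0), 4231 packets
%SEC-6-IPACCESSLOGP: list 100 permitted tcp 198.51.100.7(1025) (Serial0/0 *HDLC*) -> 131.108.1.1(80), 12 packets
%SEC-6-IPACCESSLOGP: list 100 permitted udp 203.0.113.5(53) (Serial0/0 *HDLC*) -> 131.108.1.1(1044), 3 packets
%LINK-3-UPDOWN: Interface Serial0/1, changed state to down
"""

# Matches ACL hit messages; ports, the input-interface annotation added by
# log-input, and the ICMP (type/code) suffix are all optional.
HIT = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) permitted (?P<proto>\w+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\(\d+\))?\s*"
    r"(?:\((?P<intf>[^)]*)\)\s*)?-> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\(\d+\))?(?: \([^)]*\))?, "
    r"(?P<count>\d+) packets?"
)

def summarize(log_text, acl="100"):
    """Return (packets per protocol, packets per (protocol, source)) for one ACL."""
    by_proto, by_source = Counter(), Counter()
    for line in log_text.splitlines():
        m = HIT.search(line)
        if not m or m["acl"] != acl:
            continue  # unrelated syslog message or a different access list
        n = int(m["count"])
        by_proto[m["proto"]] += n
        by_source[(m["proto"], m["src"])] += n
    return by_proto, by_source

if __name__ == "__main__":
    protos, sources = summarize(SAMPLE_LOG)
    for proto, n in protos.most_common():
        print(f"{proto:5} {n:>8} packets")
    (proto, src), n = sources.most_common(1)[0]
    print(f"top talker: {src} ({proto}), {n} packets")
```

Once the dominant protocol and source are known, the permit-all entries in access list 100 can be replaced with a narrower filter.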
