Hey Bauke,
First, I am confused with the task at hand here: Volume 2, Lab12, Task 11.1 is in regards to DHCP. But looking at your question here -- 1) Well EIGRP may be working fine, but what does that have to do with ping? Remember, ping utilizes ICMP which is a completely other protocol. Any ping packet in the network on the other side of R7/R8 serial link HAS to go through R7. Since you are not permitting ICMP in your ACL there, it is all getting dropped at R7 2) Please let me know the correct workbook/task number and I will gladly look into that for you Regards, Joe Astorino CCIE #24347 (R&S) Sr. Support Engineer - IPexpert, Inc. URL: http://www.IPexpert.com From: [email protected] [mailto:[email protected]] On Behalf Of Bauke Dzavhale Sent: Wednesday, July 01, 2009 12:19 PM To: [email protected] Subject: [OSL | CCIE_RS] Lab 12- Vol 2- Task 11-1 Team, After configuring security on R7, I can no longer ping R8 interface Lo1 (200.0.0.8) from anywhere in the network. The relevant ACL config is as follows: R7# # ip access-list extended IPEXPERT deny tcp 192.168.80.0 0.0.0.31 any eq www log ........... truncated .......................... permit tcp 192.168.80.0 0.0.0.31 192.168.100.0 0.0.0.255 eq ftp permit tcp 192.168.80.0 0.0.0.31 eq ftp 192.168.100.0 0.0.0.255 permit tcp 192.168.80.0 0.0.0.31 192.168.100.0 0.0.0.255 eq ftp-data permit tcp 192.168.80.0 0.0.0.31 eq ftp-data 192.168.100.0 0.0.0.255 permit icmp host 192.168.11.6 any permit tcp host 200.0.0.8 host 200.0.0.5 eq bgp permit tcp host 200.0.0.8 eq bgp host 200.0.0.5 permit eigrp host 192.168.11.6 any deny ip any any questions: 1- The eigrp traffic has been properly addressed/permited, consequently I do not see why R7 or any other router can not ping 200.0.0.8. The route to 200.0.0.8 shows up in R7 routing table though.... Also this is the solution shown in PG 2- The source address of www and ftp is the ethernet segment of R8. Why is so? The question just asks to permit www and ftp from anywhere, so I would put "any" . The PG specifies R8 ethernet segment as the source... Thanks Bauke _____ Looking for the perfect gift? <http://www.flickr.com/gift/> Give the gift of Flickr! Checked by AVG - www.avg.com Version: 8.5.375 / Virus Database: 270.13.0/2210 - Release Date: 07/01/09 05:53:00
