Questions

pr3d4t0r

I found some questions and i need a "second eye"

1. Mitigate CAM table overflow

e.g we have a user in fa0/1 who sends thousands arp reqs.

Is this config enough ?

interface fa0/1
switchport mode access
switchport port-security
switchport port-decurty aging time 5
switchport port-security maximum 1
switchport port-security violation shutdown

2. CBAC

(fa0)router1(s0)

---

(s1)router2

You want to inspect www,ftp traffic from router1, permit any icmp and eigrp advs between router1 s0 and router2 s1.

access list 101 is applied to interface fa0 on router 1, you should write no more than 3 access lists statements, access list 101 cannot modified

router1
On fa0/0 in

access-list 101 deny icmp any
access-list 101 permit www subnet1 subnet2
access-list 101 permit ftp subnet1 subnet2
deny ip any any

Ok, that's the data.

Configure CBAC

ip inspect name TEST http timeout 3600
ip inspect name TEST ftp timeout 3600
ip inspect name TEST tcp timeout 3600

interface s0

ip inspect name TEST in

Now since the question defines that no more than 3 statements should be ok, i must create new access list to permit icmp and eigrp ?

pr3d4t0r

3. When the authentication proxy idle timer(auth-cache-time) expires, how the user triggers auth proxy again ?

Re-enters username/pass
Open a web-site and prompt to enter username/pass

or something else ?