Categories
Welcome Center
Education & Development
Discussions
Certification Preparation
Recent Posts
Groups
Free Resources
Ebooks
Free Workshops
Trending Certifications Infographic
Infosec Training
IT & Security Training
Live Boot Camps
Security Awareness Training
About Infosec Institute
Home
Certification Preparation
Cisco
CCNP (Professional)
Questions
pr3d4t0r
I found some questions and i need a "second eye"
1. Mitigate CAM table overflow
e.g we have a user in fa0/1 who sends thousands arp reqs.
Is this config enough ?
interface fa0/1
switchport mode access
switchport port-security
switchport port-decurty aging time 5
switchport port-security maximum 1
switchport port-security violation shutdown
2. CBAC
(fa0)router1(s0)
(s1)router2
You want to inspect www,ftp traffic from router1, permit any icmp and eigrp advs between router1 s0 and router2 s1.
access list 101 is applied to interface fa0 on router 1, you should write no more than 3 access lists statements, access list 101 cannot modified
router1
On fa0/0 in
access-list 101 deny icmp any
access-list 101 permit www subnet1 subnet2
access-list 101 permit ftp subnet1 subnet2
deny ip any any
Ok, that's the data.
Configure CBAC
ip inspect name TEST http timeout 3600
ip inspect name TEST ftp timeout 3600
ip inspect name TEST tcp timeout 3600
interface s0
ip inspect name TEST in
Now since the question defines that no more than 3 statements should be ok, i must create new access list to permit icmp and eigrp ?
Find more posts tagged with
Save $250 on 2025 certification boot camps from Infosec!
Book now with code EOY2025
Button
Comments
pr3d4t0r
3. When the authentication proxy idle timer(auth-cache-time) expires, how the user triggers auth proxy again ?
Re-enters username/pass
Open a web-site and prompt to enter username/pass
or something else ?
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
INFOSEC Boot Camps
$250
OFF
Use code
EOY2025
to receive $250 off your 2025 certification boot camp!
BROWSE BOOT CAMPS
