
router sim issues ACL issues

liven Member Posts: 918
OK, I decided I wanted to get some extra practice with the ROUTERsim stuff. I tried some of the online scenarios and thought they were good. So I signed up...

But the access list section has me banging my head against the wall big time....


For instance they have a question where they want telnet access to be blocked....

Instead of applying the access list to the

line vty 0 4

the router sim folks apply the acl to the serial interface....

Is there some sort of unwritten rule for these sims that I am missing?

Is it better to block telnet by applying the acl to the vty or to the interface that connects the router to the rest of the network?
encrypt the encryption, never mind my brain hurts.

Comments

  • liven Member Posts: 918
    the other frustration I am having is that I am trying to enter some commands, and I keep getting errors like

    unrecognized command

    but then when I click on the button to grade my work the very command I am trying to enter is what the sim is looking for (the commands that are giving me errors)....

    I know these commands are correct because they work on my real routers....

    has anyone else seen these issues?
    encrypt the encryption, never mind my brain hurts.
  • dtlokee Member Posts: 2,378
    These are the reasons I don't recommend sims to people, they are simulators of real routers and don't always behave the way they should. As for the "block telnet" requirement, there may be more than one way to do this, but I would say using an access-list on the vty lines would be the best. The reason you typically don't want to use an acl on the interface is if the router has more than one interface a user could simply telnet to the other interface if the ACL doesn't also block telnet to that IP as well. This could lead to a lengthy ACL if the router has 10 or 20 interfaces. yuk!

    The only help I can offer on the sims would be to make sure you have the latest version.
    The only easy day was yesterday!
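
The two ACL placements compared in the reply above, side by side as Cisco IOS configuration. This is an added example, not part of the original posts or of the RouterSim scenario; the interface names, addresses and ACL numbers are constructed lab values.

```cisco
! Constructed lab values (assumptions, not from the thread):
!   Serial0/0        10.1.1.1/30      link to the rest of the network
!   FastEthernet0/0  192.168.1.1/24   LAN side
!   192.168.1.0/24 is the only subnet allowed to telnet to the router
!
! --- Variant A: extended ACL on one interface ---
! Denies telnet (TCP 23) addressed to the Serial0/0 IP only.
access-list 101 deny   tcp any host 10.1.1.1 eq telnet
access-list 101 permit ip any any
!
interface Serial0/0
 ip address 10.1.1.1 255.255.255.252
 ip access-group 101 in
!
! Gap: a telnet packet arriving on Serial0/0 but addressed to
! 192.168.1.1 matches the "permit ip any any" line and reaches a vty.
! Closing the gap this way needs one deny line per router address,
! repeated on every interface that carries an inbound ACL.
! "deny tcp any any eq telnet" is shorter, but it also drops telnet
! sessions that only pass through the router to other hosts.
!
! --- Variant B: standard ACL on the vty lines ---
! access-class filters by source address at the vty itself, so it
! applies no matter which router interface or IP the session targets.
access-list 10 permit 192.168.1.0 0.0.0.255
! (implicit "deny any" ends every ACL)
!
line vty 0 4
 access-class 10 in
```

To check Variant B in a lab, telnet to each router address from a host outside 192.168.1.0/24 and confirm every attempt is refused, then review the hit counters with `show access-lists 10`.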
  • liven Member Posts: 918
    dtlokee wrote:
    These are the reasons I don't recommend sims to people, they are simulators of real routers and don't always behave the way they should. As for the "block telnet" requirement, there may be more than one way to do this, but I would say using an access-list on the vty lines would be the best. The reason you typically don't want to use an acl on the interface is if the router has more than one interface a user could simply telnet to the other interface if the ACL doesn't also block telnet to that IP as well. This could lead to a lengthy ACL if the router has 10 or 20 interfaces. yuk!

    The only help I can offer on the sims would be to make sure you have the latest version.



    Thanks BRO.


    I am glad you agree with my thoughts on where to put the ACL.

    See I am using router sim because of the pre made questions that it has. I like to have to answer a question like:

    given this network do this (like setup acls, setup a routing protocol etc...).


    I have 6 routers (real ones) and 3 switches... I also have dynamips running. But I am just out of ideas as what to setup. I tried everything that I have read, and tried to create spin off things from those ideas... But I am just out of ideas. I think I am burnt out to be honest.


    Once again thanks Bro I really appreciate your feedback.
    encrypt the encryption, never mind my brain hurts.
  • dtlokee Member Posts: 2,378
    I hear ya on the burn out, I just finished up 15 hours of study today, with more for tomorrow. I have to decide if I am going to keep my lab date for next month, but right now it doesn't look like it.
    The only easy day was yesterday!
  • liven Member Posts: 918
    you sitting ccie?
    encrypt the encryption, never mind my brain hurts.
  • dtlokee Member Posts: 2,378
    Yeah I have a date in Dec, but I am finding as I review my notes there is too much I have forgotten so it may not happen next month. I still have a few days to decide to pay or drop the date.
    The only easy day was yesterday!
  • liven Member Posts: 918
    right on man that is pretty kick @ss....

    I wish I was that far along...

    But then again I am a security guy. I just decided to knock out the ccna in case I go the CCSP route. We are using the cisco IPS stuff quite a bit now where I work, and I gotta get the ccna to go ccsp.


    I might go for CEH then CISSP not really sure. It is nice that there are so many options out there these days (and all the cisco ones have such a good reputation)...


    I couldn't even imagine how hard the ccie will be, this entry level test is kicking my tail. However I really think Cisco's CCNA is way harder than the average entry level cert....

    Well keep us posted and good luck to you bro!
    encrypt the encryption, never mind my brain hurts.