access-list
Puffy
Member Posts: 54
in CCNA & CCENT
I was doing a Packet Tracer lab and I came across some things in access lists that I needed some clarification on.
My solution:
permit tcp host 172.22.3.50 host 172.22.3.90 eq telnet
deny tcp any host 172.22.3.90 eq telnet
deny tcp host 172.22.3.53 any eq www
permit ip any any
Author of lab solution:
deny tcp 172.22.3.52 0.0.0.3 host 172.22.3.90 eq 23
deny tcp host 172.22.3.53 any eq 80
permit ip any any
1.) While I could understand why the author's solution is valid, I was thinking that it won't work if, say, the network administrator added another host with an IP that is not within the deny range. This brings me to this question: from the CCNA exam perspective, do I need to worry about what could happen in the "future", or should I just use a solution that works only if the devices stay as is (i.e. no new hosts etc.)?
2.) If the question states that internet access shouldn't be allowed (as shown in this PT lab that I was doing), can I safely assume that, for exam purposes, it means to block port 80? The reason I have this doubt is that, from my understanding, accessing the internet does not necessarily mean web browsing (HTTP connections).
Comments
SharkDiver
Member Posts: 844
I would say that for the exam, what you see is what you get. Unless they say to plan ahead, I wouldn't factor that in.
As for #2, I've seen several practice questions that said to block "internet access" and the answer was always to block port 80 or "www".
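
Added example (not part of the original thread): a small Python model of first-match ACL evaluation that runs both entry lists from the question against the same traffic, showing where they diverge. It parses only the syntax used in those entries, and the hosts 172.22.3.60 and 198.51.100.10 are constructed test addresses.

```python
import ipaddress

PORTS = {"telnet": 23, "www": 80}          # keyword forms used in the thread

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    t = tokens.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return ip(tokens.pop(0)), 0
    return ip(t), ip(tokens.pop(0))

def parse_ace(line):
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = parse_addr(tokens), parse_addr(tokens)
    port = None
    if tokens and tokens[0] == "eq":
        port = PORTS[tokens[1]] if tokens[1] in PORTS else int(tokens[1])
    return action, proto, src, dst, port

def addr_match(addr, spec):
    base, wild = spec
    return (ip(addr) | wild) == (base | wild)   # wildcard bits are "don't care"

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching entry (top-down)."""
    for line in acl:
        action, p, s, d, port = parse_ace(line)
        if p not in ("ip", proto):
            continue
        if not (addr_match(src, s) and addr_match(dst, d)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"                               # implicit deny at end of every ACL

MINE = ["permit tcp host 172.22.3.50 host 172.22.3.90 eq telnet",
        "deny tcp any host 172.22.3.90 eq telnet",
        "deny tcp host 172.22.3.53 any eq www",
        "permit ip any any"]
AUTHOR = ["deny tcp 172.22.3.52 0.0.0.3 host 172.22.3.90 eq 23",
          "deny tcp host 172.22.3.53 any eq 80",
          "permit ip any any"]
```

Evaluating Telnet from the constructed host 172.22.3.60 to 172.22.3.90 returns `deny` for the first list and `permit` for the second, because 172.22.3.52 with wildcard 0.0.0.3 only covers .52 through .55. TCP port 443 from 172.22.3.53 is permitted by both lists, which is the gap question 2 points at.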