Hi group,
Vol1 Section 19 task 9. Maybe Im reading to much between the lines, but I think the solution in the PG violates the task. The task requires to deny jpeg files from being sent to stations on VLAN67. 1. small typo, there is no VLAN67, I guess it should be VLAN567 (network 150.100.220.0/24) 2. The policy-map is only applied to the two EthernetInterfaces. But these stations could also be reached over the s0/1/0 interface, so should we not apply the policy-map there as well? 3. The PG matches jpeg based on mime types. Well, thats great but the task requires to deny jpegs sent TO stations on VLAN567. With the solution provided in the PG, jpeg files sent to all possible networks reachable via these interfaces will be dropped, isnt it? I used the following solution: R6 ! access-list 101 permit ip any 150.100.220.0 0.0.0.255 ! class-map match-all jpeg2vlan567 match access-group 101 match protocol http mime "image/jpeg" ! policy-map denypics class jpeg2vlan567 drop ! int fa0/1 service-policy output denypics int fa0/0 service-policy output denypics int ser0/1/0 service-policy output denypics ! regards Roger
