Hello All,
9.19 Secure VLAN 12 so that any router added in the future will not be able to
see EIGRP multicast packets or form neighbor relationships with existing
routers.
The DSG proposes putting a VACL and use the neighbor command between R1 and R2
to accomplish this. I used a different method through a VACL alone and was
wondering if the way I did it was valid (would I have got points for this on
the
lab)?
Cat3550-1#sh ip access-lists 101
Extended IP access list 101
10 deny eigrp host 150.100.12.1 host 224.0.0.10 (68 matches)
20 deny eigrp host 150.100.12.2 host 224.0.0.10 (31 matches)
30 permit eigrp any host 224.0.0.10
Cat3550-1#sh vlan access-map NOEIGRP
Vlan access-map "NOEIGRP" 10
Match clauses:
ip address: 101
Action:
drop
Vlan access-map "NOEIGRP" 20
Match clauses:
Action:
forward
Cat3550-1#sh run | i filter
vlan filter NOEIGRP vlan-list 12
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
