Only your colleague could answer the question of whether you violated his restrictions, but "Do not modify any access lists" sounds clear enough to me. If he was firm in that requirement, he had something else in mind.
DSCP mutation map on an intervening switch perhaps? Or remarking packets on ingress to the router if the ACL was in the "out" direction on an interface? The question to ask there is whether the packets had to arrive with that DSCP value on them. If not, you may have some options. If so, then you're modifying the ACL or just unbundling it from the interface. FWIW, I think it's important not to emphasize "restrictions" too much when just studying with fellow engineers. Usually they aren't spending enough time (or may not be knowledge enough) to establish a complete and correct set of restrictions and word those in a way that guides you to the answer. Do the diagnostic work and discuss your options with your colleague but don't get hung up on whether you met his restrictions properly. After all, it seems like 25% of IPX labs have solutions that violate their stated restrictions. Is your friend putting even more time than them into developing quality labs? Bob -- Sent from my iPhone, please excuse any typos. > On Nov 10, 2013, at 2:32 AM, robert shepherd <[email protected]> wrote: > > I had a fellow network engineer setup some faults so I can practice my > troubleshooting skills and accuracy. I am wanting to know if what I did would > break the restrictions that he had put in place. > > One of the faults he created was to perform an extended ping with a ToS value > of 128. The restriction was I could not modify any of the ACL's. The extended > pings were failing because they were matching the ACL's that he had put in > place. > > Would adding to the ACL's break the restriction? My thinking is that I am not > so called modifying the existing sequence numbers that are in place but > adding a permit statement in front of the deny's to allow my extended pings > to be matched and be marked accordinally. > > I also was thinking I could have created a new ACL and change the class-map > to reference the new ACL. > > Thoughts? > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
