Hi Tim,

They're a little different.

1.  They've allowed all echo replies in but no echo (So their internal
devices can ping external, but no one can ping in)
You've permitted some specific echo replies to addresses and denied echoes
to those same addresses plus a subnet, then allowed all other ICMP
through. (So for those particular addresses you've done the same as them, but
then you've let everything else through).

2.  They're allowing telnet from 10.1.1.2 to anywhere, then allowing the
sessions back in.
You've used the same commands for this bit.

3.  They've allowed RIP everywhere and logged it, you've not logged it.

4.  They will receive logs for all other denied traffic, you won't.

HTH (But most of all I hope it's correct - getting late :-)

Gareth



"Timothy Ouellette" wrote in message news:[EMAIL PROTECTED]...
> Hey guys/gals,
>
> After doing a simple mentorlabs vlab, I just wanted to make sure that I
> didn't miss anything on my access-list config.  The router names/places
> have been masked to protect the innocent.  Does my ACL do exactly the
> same job as theirs but with more lines (hey, who needs efficiency
> *grin*)?
>
> Tim
>
>
> Theirs:
> access-list 101 deny icmp any any echo log
> access-list 101 permit icmp any any echo-reply log
> access-list 101 permit tcp host 10.1.1.2 any eq telnet log
> access-list 101 permit tcp any eq telnet any established log
> access-list 101 permit udp any any eq rip log
> access-list 101 deny ip any any log
>
>
> Mine:
> access-list 101 permit icmp any host 10.1.1.1 echo-reply
> access-list 101 permit icmp any host 10.1.2.1 echo-reply
> access-list 101 deny   icmp any host 10.1.1.1 log
> access-list 101 deny   icmp any host 10.1.2.1 log
> access-list 101 deny   icmp any 10.14.0.0 0.0.255.255 log
> access-list 101 permit icmp any any
> access-list 101 permit tcp host 10.1.1.2 any eq telnet log
> access-list 101 permit tcp any eq telnet any established log
> access-list 101 permit udp any any eq rip




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=25139&t=25008
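
The comparison in this thread can be checked mechanically. The following is an added example, not part of either post: a small first-match evaluator that runs the two posted ACLs against constructed packets. It assumes only the keywords used in the thread are needed, models `established` as a single `ack` flag on the packet, and ignores interface direction; the packet addresses are made up.

```python
import ipaddress

THEIRS = """access-list 101 deny icmp any any echo log
access-list 101 permit icmp any any echo-reply log
access-list 101 permit tcp host 10.1.1.2 any eq telnet log
access-list 101 permit tcp any eq telnet any established log
access-list 101 permit udp any any eq rip log
access-list 101 deny ip any any log"""
MINE = """access-list 101 permit icmp any host 10.1.1.1 echo-reply
access-list 101 permit icmp any host 10.1.2.1 echo-reply
access-list 101 deny   icmp any host 10.1.1.1 log
access-list 101 deny   icmp any host 10.1.2.1 log
access-list 101 deny   icmp any 10.14.0.0 0.0.255.255 log
access-list 101 permit icmp any any
access-list 101 permit tcp host 10.1.1.2 any eq telnet log
access-list 101 permit tcp any eq telnet any established log
access-list 101 permit udp any any eq rip"""
PORTS = {"telnet": 23, "rip": 520}
ip = lambda s: int(ipaddress.IPv4Address(s))

def addr(tok):
    t = tok.pop(0)                           # "any" | "host A" | "A wildcard"
    if t == "any":
        spec = (0, 0xFFFFFFFF)
    elif t == "host":
        spec = (ip(tok.pop(0)), 0)
    else:
        spec = (ip(t), ip(tok.pop(0)))
    port = PORTS[tok[1]] if tok[:1] == ["eq"] else None
    del tok[:2 if port else 0]               # consume "eq <name>" when present
    return spec, port

def rule(line):
    tok = line.split()[2:]                   # drop "access-list 101"
    action, proto, src, dst = tok.pop(0), tok.pop(0), addr(tok), addr(tok)
    icmp = next((t for t in tok if t.startswith("echo")), None)
    return action, proto, src, dst, icmp, "established" in tok, "log" in tok

def evaluate(acl, pkt):
    """First matching line wins; returns (action, logged)."""
    hit = lambda spec, a: (ip(a) | spec[1]) == (spec[0] | spec[1])  # wildcard = don't-care
    for action, proto, (s, sp), (d, dp), icmp, est, log in map(rule, acl.splitlines()):
        if (proto in ("ip", pkt["proto"]) and hit(s, pkt["src"]) and hit(d, pkt["dst"])
                and sp in (None, pkt.get("sport")) and dp in (None, pkt.get("dport"))
                and icmp in (None, pkt.get("icmp")) and (not est or pkt.get("ack"))):
            return action, log
    return "deny", False                     # implicit deny ends every ACL, never logged

# Constructed packet: an echo request to a host that "Mine" does not name.
PROBE = {"proto": "icmp", "src": "192.0.2.9", "dst": "10.1.3.5", "icmp": "echo"}
```

Calling `evaluate(THEIRS, PROBE)` and `evaluate(MINE, PROBE)` shows the first difference: the same inbound ping is denied and logged by one list and permitted without a log entry by the other.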