OK, The question is deny FTP and HTTP for these addresses:
131.24.194.x, 131.25.194.x, 135.152.1.1, 131.24.195.x, 131.24.193.x Use least amount of lines in your ACL. To match EXACTLY what the question asks with the minimum ACL, I come up with this: access-list 101 deny tcp host 135.152.1.1 eq ftp any access-list 101 deny tcp host 135.152.1.1 eq http any access-list 101 deny tcp 131.24.194.0 0.1.1.255 eq ftp any access-list 101 deny tcp 131.24.194.0 0.1.1.255 eq http any access-list 101 deny tcp 131.24.193.0 0.1.0.255 eq ftp any access-list 101 deny tcp 131.24.193.0 0.1.0.255 eq http any access-list 102 permit tcp any any Cisco's answer is: access-list 102 deny tcp 129.24.192.0 102.129.7.1 eq frp any access-list 102 deny tcp 129.24.192.0 102.129.7.1 eq frp any access-list 102 permit tcp any any Cisco's answer the first Octet Match these IPs 129, 131, 133, 135, 161, 163, 165, 167, 193, 195, 197, 199, 225, 227, 229, 231 So, address 161.24.194.1 will be denied as well, which is not one of the requirements. My question is when taking the lab, and asked a simlilar question, which answer is correct???? Hope this is not as muddy as my first question... Please correct me if I'm wrong - I no access-list expert. Just my attempt at it. :) Ted Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58752&t=58644 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
