758 Appendix A: Answers to the "Do I Know This Already?" Quizzes and Q&A Sections
5
Configure and enable an IP access list that would allow packets from subnet 10.3.4.0/24,
to any Web server, to get out serial interface S0. Also, allow packets from 134.141.5.4
going to all TCP-based servers using a well-known port to enter serial 0. Deny all other
traffic.
access-list 101 permit tcp 10.3.4.0 0.0.0.255 any eq www
access-list 102 permit tcp host 134.141.5.4 any lt 1023
interface serial 0
ip access-group 101 out
ip access-group 102 in
Two extended access lists are required. List 101 permits packets that match the first of
the two criteria and examines packets exiting S0. List 102 permits packets that match the
second criterion and examines packets entering S0.
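The two lists from answer 5 modeled in Python, as an added example that is not part of the book. It shows wildcard-mask matching, first-match evaluation, and the implied deny at the end of each list. The names wild_match, check, ACLS and S0_GROUPS are hypothetical and the sample packets are constructed.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# Each entry: action, protocol, source base, source wildcard, destination-port test.
# The destination address is "any" in both lists, so it is not modeled.
ACLS = {
    # access-list 101 permit tcp 10.3.4.0 0.0.0.255 any eq www
    101: [("permit", "tcp", "10.3.4.0", "0.0.0.255", lambda p: p == 80)],
    # access-list 102 permit tcp host 134.141.5.4 any lt 1023
    # "host" is wildcard 0.0.0.0; "lt 1023" matches ports 0 through 1022.
    102: [("permit", "tcp", "134.141.5.4", "0.0.0.0", lambda p: p < 1023)],
}

# interface serial 0: ip access-group 101 out / ip access-group 102 in
S0_GROUPS = {"out": 101, "in": 102}

def check(direction, proto, src, dport):
    """Return 'permit' or 'deny' for a packet crossing serial 0."""
    for action, e_proto, base, wc, port_ok in ACLS[S0_GROUPS[direction]]:
        if proto == e_proto and wild_match(src, base, wc) and port_ok(dport):
            return action      # first matching entry decides
    return "deny"              # implied deny at the end of every list

# Constructed sample packets: (direction, protocol, source, destination port)
SAMPLES = [
    ("out", "tcp", "10.3.4.77", 80),     # subnet host to a Web server
    ("out", "tcp", "10.3.5.1", 80),      # wrong subnet
    ("out", "tcp", "10.3.4.77", 23),     # right subnet, not www
    ("in", "tcp", "134.141.5.4", 25),    # named host, port below 1023
    ("in", "tcp", "134.141.5.5", 25),    # neighboring host
    ("in", "udp", "134.141.5.4", 53),    # not TCP
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", check(*pkt))
```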
6
Create an IPX packet filter to prevent packets from entering Serial0, except for packets
from address 500.0000.0000.0001 destined for any node in network 4.
access-list 800 permit 500.0000.0000.0001 4
interface serial0
ipx access-group 800 in
A "deny all else" is implied at the end of the list.
7
What services use IPX socket 4? What about socket 7?
None. This is a trick question. SAP types 4 and 7 represent file and print services,
respectively. However, sockets are different, and there is no correlation between SAP
service types and sockets. The message: Read all the words in the question! Some
questions are purposefully designed to ensure that you know what each term means.
8
Create a configuration to add a SAP access list to filter all print services (SAP 7) from
being advertised out a router's serial 0 and serial1 interfaces.
access-list 1000 deny -1 7
access-list 1000 permit -1
interface serial 0
ipx output-sap-filter 1000
interface serial1
ipx output-sap-filter 1000
In the two access-list 1000 commands, the -1 represents the wildcard meaning "any
network." SAP type 7 is for print services; the first statement matches and denies those
services. However, other proprietary print solutions could use a different SAP
type. This access list matches only the standard SAP type for printers.
apA.fm Page 758 Monday, March 20, 2000 5:24 PM