
Ticket 5 – R1 ACL

May 2nd, 2018 in TSHOOT v2

Configuration on R1
interface Serial0/0/1
 description Link to ISP
 ip address 209.65.200.224 255.255.255.252
 ip nat outside
 ip access-group edge_security in
!
ip access-list extended edge_security
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny ip 127.0.0.0 0.255.255.255 any
 permit ip host 209.65.200.241 any
!

Answer:

Ans1) R1
Ans2) IPv4 layer 3 security
Ans3) Under the ‘ip access-list extended edge_security’ configuration add the ‘permit ip 209.65.200.224 0.0.0.3 any’ command.

Note:
+ This is the only ticket in which the extended access-list edge_security exists. In other tickets, access-list 30 is applied to the inbound direction of S0/0/1 on R1.
+ Although host 209.65.200.241 is permitted through the access-list (permit ip host 209.65.200.241 any), clients cannot ping the web server because R1 cannot establish a BGP session with neighbor 209.65.200.226: no entry in edge_security permits packets from 209.65.200.226, so they are dropped inbound on S0/0/1 by the implicit deny.
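
The effect of the missing entry can be checked with a small first-match evaluator. This is an added example, not part of the original ticket: it models only source matching (every entry in edge_security is "ip <source> any"), and the sources 10.2.1.3 and 8.8.8.8 are constructed sample values.

```python
import ipaddress

# edge_security as shown in the ticket: (action, source, wildcard mask).
EDGE_SECURITY = [
    ("deny",   "10.0.0.0",       "0.255.255.255"),
    ("deny",   "172.16.0.0",     "0.15.255.255"),
    ("deny",   "192.168.0.0",    "0.0.255.255"),
    ("deny",   "127.0.0.0",      "0.255.255.255"),
    ("permit", "209.65.200.241", "0.0.0.0"),  # "host x" is wildcard 0.0.0.0
]
# Entry proposed in Ans3.
FIX = ("permit", "209.65.200.224", "0.0.0.3")


def wildcard_match(src, base, wildcard):
    """True if src equals base in every bit where the wildcard bit is 0."""
    s, b, w = (int(ipaddress.IPv4Address(x)) for x in (src, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (s & care) == (b & care)


def evaluate(acl, src):
    """First-match evaluation: returns (action, index of matching entry)."""
    for idx, (action, base, wildcard) in enumerate(acl):
        if wildcard_match(src, base, wildcard):
            return action, idx
    return "deny", None  # implicit deny that ends every IOS access-list


def report(acl, sources):
    """Map each source address to the action the ACL takes on it."""
    return {src: evaluate(acl, src)[0] for src in sources}


# 209.65.200.241 = web server, 209.65.200.226 = BGP neighbor (from the ticket);
# 10.2.1.3 and 8.8.8.8 are constructed samples.
SOURCES = ["209.65.200.241", "209.65.200.226", "10.2.1.3", "8.8.8.8"]

if __name__ == "__main__":
    print("before:", report(EDGE_SECURITY, SOURCES))
    print("after: ", report(EDGE_SECURITY + [FIX], SOURCES))
```

With the Ans3 entry appended, only sources 209.65.200.224 through 209.65.200.227 gain access; every other unmatched source still ends at the implicit deny.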

Comments (17)
  1. ChillBaba
    August 7th, 2018

    Can anyone tell what the question/issue/problem of this new sim is? If we don’t know the issue, how will we be able to identify it or compare it with the answers?

  2. jirehccnp
    August 8th, 2018

    @networktut,

    Could you please not totally remove the old scenario? How could I revise and have a look at those old scenarios? We don’t know, maybe an old scenario might appear again, right?

  3. jirehccnp
    August 8th, 2018

    hi all,
    just for sharing.
    old scenario:

    ip access-list standard nat_traffic
    permit 10.1.0.0 0.0.255.255

    It does not permit 10.2.0.0 0.0.255.255, and the ACL ends with explicit deny,
    so the traffic of 10.2.0.0 could not get through.

  4. Please help me.Please for god sake
    August 8th, 2018

    @Network Tut
    Dear Team,
    My account is going to expire and I have 5 tickets left.
    4, 8, 9, 11 and 17 do not have a problem question. How will I be able to identify if no question is stated?
    Example:

    Problem: Client 1 is able to ping 209.65.200.226 but can’t ping the Web Server 209.65.200.241.

  5. CCNP switching Exam
    August 8th, 2018

    Hello All,

    I am renewing the CCNP certification.

    Has anyone got those exams lately?

    Where do I get the dumps?
    Where do I get some T-shooting simulations?

    Thank you.

    Star

  6. jirehccnp
    August 11th, 2018

    @CCNP switching Exam

    Sign up for a premium account for networktut, then you will get them.

  7. new
    August 15th, 2018

    Hi everyone,

    After we enter the answers, are we required to test for resolution?

  8. @new
    August 20th, 2018

    Don’t think so; under the TSHOOT exam we can only find the issues and propose a solution.

  9. Igor
    August 27th, 2018

    Hi admin,
    Please change the IP address on s0/0/1 from x.x.x.224 to x.x.x.225.

  10. Anonymous
    September 1st, 2018

    Hello jirehccnp,

    thank you for the reply. I have signed up with the premium.

    Do you know if the tickets are still valid?

    Regards,

    Star

  11. Anonymous
    September 27th, 2018

    Good catch Igor, I caught the same thing.

  12. ipconfig
    October 2nd, 2018

    Configuration on R1
    interface Serial0/0/1
    description Link to ISP
    ip address 209.65.200.224 255.255.255.252
    ip nat outside
    ip access-group edge_security in

    Is the IP address for R1 s0/0/1 really 209.65.200.224 when you use the show command? Because 209.65.200.224/30 is the network address, maybe the website has a typo.

  13. Anonymous
    October 4th, 2018

    ping 209.65.200.241

    Pinging 209.65.200.241 with 32 bytes of data:

    Reply from 209.65.200.241: bytes=32 time=10ms TTL=122
    Request timed out.
    Reply from 209.65.200.241: bytes=32 time=9ms TTL=122
    Reply from 209.65.200.241: bytes=32 time=13ms TTL=122

    Ping statistics for 209.65.200.241:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 13ms, Average = 10ms

  14. Anonymous
    October 4th, 2018

    ip access-list extended Edge_Security
    permit ip host 209.65.200.241 any
    permit ip host 15.15.15.15 any
    deny ip 10.0.0.0 0.255.255.255 any
    deny ip 172.16.0.0 0.15.255.255 any
    deny ip 192.168.0.0 0.0.255.255 any
    deny ip 127.0.0.0 0.255.255.255 any

    ip access-list extended Edge_Security
    permit ip host 209.65.200.241 any
    permit ip host 15.15.15.15 any
    deny ip 10.0.0.0 0.255.255.255 any
    deny ip 172.16.0.0 0.15.255.255 any
    deny ip 192.168.0.0 0.0.255.255 any
    deny ip 127.0.0.0 0.255.255.255 any
    permit tcp host 209.65.200.226 host 209.65.200.225 eq 179

  15. My exam is next week
    November 16th, 2018

    Is this the answer for this ticket? Please clarify.

    permit tcp host 209.65.200.226 host 209.65.200.225 eq 179

  16. imare
    November 25th, 2018

    @Networktut

    I see a lot of comments about this ticket saying it has changed. Can you please confirm if the answers for this question are still:

    Ans1) R1
    Ans2) IPv4 Layer 3 Security
    Ans3) Under the ip access-list extended edge-security configuration add the permit ip 209.65.200.224 0.0.0.3 any command

  17. Polaris
    November 30th, 2018

    Guys, a question… If you work with Trouble Tickets… will the system also register what kind of commands you used? Could that also be a factor in how you found out what the issue is?

    For example, if you perform “show run”, will that give you a lower score for a Trouble Ticket? I am a little bit desperate, as I received no confirmation of whether, if you accidentally do not select an answer, the system takes it as incorrect or unanswered. They confirmed to me only that they see it correct and that questions were incorrect, however they can’t tell that the system will take it as unanswered at all… which gives me chills now…

    My other question is whether it’s OK to proceed with the “ping” command only. My troubleshooting method is that I start with “ipconfig”, then I check the IP address and default gateway. Then I try to ping the default gateway and then to ping 10.1.1.1, and from there to ping device by device, closing the problem. I still can’t remember if I really failed because of not hitting the “Done” button on the Trouble Ticket section. I simply don’t know and I will go blind on my second try. Really afraid… any answer to cheer me up somehow will be appreciated. I am simply lost as I followed every advice and took procedure. Afraid now if I really answered those trouble tickets incorrectly.
