Task 8.2 - Incorrect ACL on R2

Hi Tech Team,

There is an incorrect ACL on R2 for this task. Can you please fix in the next edition?

 

# correct (different source IP traffic)

ip access-list extended VOIP

permit udp 192.10.1.0 0.0.0.255 any range 16384 32767

 

Tom

 

Comments

  • Hello Tom,

    I think that the SG is right. We are doing LLQ for VOIP traffic for Vlan46 between R4 and R2 that traverses the Frame Relay link.

    On R4 it will be VOIP traffic from Vlan 46 going to R2 over the FR link hence "permit udp 129.X.46.0 0.0.0.255 any range 16384 32767"

    On R2 it will be VOIP traffic from R2 going to Vlan 46 over the FR link hence "permit udp any 129.X.46.0 0.0.0.255 range 16384 32767"

    HTH

  • I agree, ACL should be correct, however,

    I've added class default and extra line in the acl......

     

    I know it doesn't add any benefit, but I wonder if the overconfiguration will hurt me in the exam with the automated lab test engine?

     

     

    access-list 104 permit udp 129.11.46.0 0.0.0.255  any range 16384 32767

    access-list 104 permit udp any 129.11.46.0 0.0.0.255 range 16384 32767


    class-map match-all cVOIP

     match access-group 104

    policy-map pVOIP

     class cVOIP

        priority 192

     class class-default

      class SHAPE45




     

  • Hi JJ,

      It's better to just do what is asked of you as much as you can, without any extra configurations. This way you are sure to pass :)

    Good luck with your studies!

  • Hey man...

     

    That's easier said than done.... it's a matter of interpretation... I think the key is to start thinking the Cisco way.... that's the art of passing I think...

    but fully agree with you!

     

  • For me the confusion is whether the port numbers are src, dst, or both. IMHO the standards are not strict on this, but Cisco tends to use the range 16384 - 32767, but in the end we can only depend on the task wording. Which is not definite in this case.

    br,

    Gabor

  • What do you think about this possible solution at (sub)interface level:

     

    #ip rtp priority 32384 32383 192

     

    Best regards

     

    Iban

     

  • I know it doesn't add any benefit, but I wonder if the overconfiguration will hurt me in the exam with the automated lab test engine?

    access-list 104 permit udp 129.11.46.0 0.0.0.255  any range 16384 32767

    access-list 104 permit udp any 129.11.46.0 0.0.0.255 range 16384 32767


    class-map match-all cVOIP

     match access-group 104

    policy-map pVOIP

     class cVOIP

        priority 192

     class class-default

      class SHAPE45

    I agree with you: overconfiguration will not do harm as long as the solution meets the task requirements and does not break any lab rules.

  • Did anyone notice that the ACLs used in this task are not "symmetric"?

    If ACL used on R2 is :

    ip access-list extended VoIP
    permit udp any 129.1.46.0 0.0.0.255 range 16384 32767

     

    then ACL for return traffic on R4 should be :

    ip access-list extended VoIP
    permit udp 129.1.46.0 0.0.0.255 range 16384 32767 any

     

    while SG has :

    ip access-list extended VOIP
    permit udp 129.1.46.0 0.0.0.255 any range 16384 32767

     

    And while we are at it, when we are told that VOIP bearer traffic uses a certain range of UDP ports, can we assume that the range is used for both source AND destination ports?

     

    Cheers.
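
How the mirrored entry and the SG entry quoted in the comment above differ, as an added example (not part of the thread or the workbook): a small Python matcher for `permit udp` entries, where a `range` binds to the address just before it. The host addresses 129.1.5.5 and 129.1.46.10 and the port 40000 are constructed sample values.

```python
import ipaddress

ANY_PORT = (0, 65535)

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok, i):
    # 'any' | 'host A' | 'A WILDCARD' -> (base, wildcard, next index)
    if tok[i] == "any":
        return 0, 0xFFFFFFFF, i + 1
    if tok[i] == "host":
        return _ip(tok[i + 1]), 0, i + 2
    return _ip(tok[i]), _ip(tok[i + 1]), i + 2

def _ports(tok, i):
    # Optional 'range LO HI'; when absent, any port matches.
    if i < len(tok) and tok[i] == "range":
        return (int(tok[i + 1]), int(tok[i + 2])), i + 3
    return ANY_PORT, i

def parse_ace(line):
    tok = line.split()
    if tok[:2] != ["permit", "udp"]:
        raise ValueError("this sketch only handles 'permit udp' entries")
    src, swc, i = _addr(tok, 2)
    sport, i = _ports(tok, i)      # range after the source = source ports
    dst, dwc, i = _addr(tok, i)
    dport, i = _ports(tok, i)      # range after the destination = destination ports
    return src, swc, sport, dst, dwc, dport

def _in_net(ip, base, wildcard):
    # Wildcard bits set to 1 are "don't care".
    return (_ip(ip) | wildcard) == (base | wildcard)

def matches(line, sip, sport, dip, dport):
    src, swc, sp, dst, dwc, dp = parse_ace(line)
    return (_in_net(sip, src, swc) and _in_net(dip, dst, dwc)
            and sp[0] <= sport <= sp[1] and dp[0] <= dport <= dp[1])

# ACL entries quoted in the comment above.
R2_ACE = "permit udp any 129.1.46.0 0.0.0.255 range 16384 32767"
R4_MIRROR = "permit udp 129.1.46.0 0.0.0.255 range 16384 32767 any"
R4_SG = "permit udp 129.1.46.0 0.0.0.255 any range 16384 32767"

# Constructed flows: (src ip, src port, dst ip, dst port).
TO_VLAN46 = ("129.1.5.5", 40000, "129.1.46.10", 17000)
FROM_VLAN46 = ("129.1.46.10", 17000, "129.1.5.5", 40000)  # exact reply to TO_VLAN46

if __name__ == "__main__":
    for name, ace in (("R4 mirror", R4_MIRROR), ("R4 SG", R4_SG)):
        print(name, matches(ace, *FROM_VLAN46))
```

When both ports fall inside 16384-32767 the two R4 forms classify the same packets; they diverge only when one side's port is outside the range.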

  • @Iban

    I did the same but on verification the DLCI402 didn't show that the priority queue was set up and running.  In fact even though the command is there in the map-class there's no application of it to the DLCI, so I reverted back to the MQC syntax as it works.  I apologise as I don't have a good explanation:

    Rack1R4(config-map-class)#do sh frame-re pv 402 

     

    PVC Statistics for interface Serial0/0 (Frame Relay DTE)

     

    DLCI = 402, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.124

    <snip>

      cir 512000    bc 5120      be 0         byte limit 640    interval 10  

      mincir 256000    byte increment 640   Adaptive Shaping none

      pkts 100       bytes 10702     pkts delayed 0         bytes delayed 0        

      shaping inactive    

      traffic shaping drops 0

      Queueing strategy: fifo

     
