Section 1.3 Traffic Filter

The task states:

"The company has experienced recent security issues with PCs in VLAN 17 trying to connect to each other using Windows file and print sharing.  After attempting to get the IS department to disable file and print sharing on the PCs without success, you have been tasked with ensuring that PCs in VLAN 17 cannot talk directly with each other but still can communicate with other ports or interfaces in VLAN 17. "

Does the word "PCs" in the task imply that Fa0/1 and Fa0/13 are exempt from the configuration, due to their direct connections to R1 and SW2, respectively?  I (think I) understand why this would not be great for the rest of the lab.  I was surprised that I could even apply "switchport protected" to a trunk link.  I was just curious, not a huge deal if it is just an issues of interpretating semantics.

 

Thanks! 

Comments

  • Yes, exactly, you won't be able to use protected ports on the other ports otherwise it will braek connectivity as you've mentioned...the PC ports can only reside on f0/7-8.....

     

    kr

    Josua

    [:)]

  • For such a scenario expect the lab to actually name the interfaces; scope is not to test you on understanding what a PC port means but to make sure you understand what you need to configure.

    Good luck with your studies!

  • Should we also apply swithcport port-protected on f0/1 besides f0/7 and f0/8 ? In order to consider a case where pcs are also attached to sw1's f0/1 along with R1 with hub or something. Not necessary but just to be on a sefer side.

  • Should we also apply swithcport port-protected on f0/1 besides f0/7 and f0/8 ? In order to consider a case where pcs are also attached to sw1's f0/1 along with R1 with hub or something. Not necessary but just to be on a sefer side.

    Doing so would break connectivity from ports 7/8 to R1. 

Sign In or Register to comment.