Task 8.1

Hello,

 

The solution filters non-MPLS traffic, which means it does not filter any VPN traffic.

As the solution to the internet access is to use an internet VRF, the traffic to the internet is VPN traffic, which will not be filtered.

 

Dan

 

 

Comments

  • you might be right ... – interesting [:)]

  • Correct - ACL as specified in solutions will not block traffic as it is labeled.

    (did a test, removed neighbour x.x.x.x send-label on R2 and R3 - this made the ACL deny the specified sources)

    R2:
    interface Serial1/1:0
     ip address 192.168.1.2 255.255.255.248
     ip access-group BOGON in


    Standard IP access list BOGON (Compiled)
        20 deny   0.0.0.0 log
        10 permit 192.168.1.0, wildcard bits 0.0.0.3 log (42 matches)
        30 deny   10.0.0.0, wildcard bits 0.255.255.255 log
        40 deny   127.0.0.0, wildcard bits 0.255.255.255 log
        50 deny   169.254.0.0, wildcard bits 0.0.255.255 log
        60 deny   172.16.0.0, wildcard bits 0.3.255.255 log
        70 deny   192.168.0.0, wildcard bits 0.0.255.255 log
        80 deny   224.0.0.0, wildcard bits 15.255.255.255 log
        90 deny   240.0.0.0, wildcard bits 15.255.255.255 log
        100 permit any (82 matches)

    R1: test traffic from 192.168.40.40:

    SPRack1R1#traceroute
    Protocol [ip]:
    Target IP address: 34.1.4.4
    Source address: 192.168.40.40

      1 13.1.13.3 [MPLS: Label 26 Exp 0] 216 msec 60 msec 236 msec
      2 192.168.1.2 [MPLS: Label 18 Exp 0] 92 msec 212 msec 212 msec
      3 34.1.24.4 24 msec *  248 msec
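
A small model of the test above, added here as an illustration; it is not code from the thread and not how IOS is implemented. It evaluates the BOGON entries with wildcard matching and assumes, as the comment reports, that the inbound IP access-group is only consulted for packets that arrive without an MPLS label; the function names are made up for this sketch.

```python
import ipaddress

# BOGON entries copied from the R2 output above: (seq, action, address, wildcard).
BOGON = [
    (10, "permit", "192.168.1.0", "0.0.0.3"),
    (20, "deny", "0.0.0.0", "0.0.0.0"),
    (30, "deny", "10.0.0.0", "0.255.255.255"),
    (40, "deny", "127.0.0.0", "0.255.255.255"),
    (50, "deny", "169.254.0.0", "0.0.255.255"),
    (60, "deny", "172.16.0.0", "0.3.255.255"),
    (70, "deny", "192.168.0.0", "0.0.255.255"),
    (80, "deny", "224.0.0.0", "15.255.255.255"),
    (90, "deny", "240.0.0.0", "15.255.255.255"),
    (100, "permit", "0.0.0.0", "255.255.255.255"),  # "permit any"
]

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def match_standard_acl(acl, source):
    """Return (seq, action) of the first entry matching the source address."""
    src = _int(source)
    for seq, action, addr, wildcard in sorted(acl):
        care = ~_int(wildcard) & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (src & care) == (_int(addr) & care):
            return seq, action
    return None, "deny"  # implicit deny when nothing matches

def inbound_verdict(acl, source, label_stack):
    """Assumption of this sketch, taken from the comment's observation:
    a packet arriving with an MPLS label stack is switched on its top
    label and the IP access-group is never evaluated for it."""
    if label_stack:
        return "forwarded by label %d, ACL not consulted" % label_stack[0]
    seq, action = match_standard_acl(acl, source)
    return "%s by entry %s" % (action, seq)

if __name__ == "__main__":
    # Test source from the traceroute; label 18 is the one shown at hop 192.168.1.2.
    print(inbound_verdict(BOGON, "192.168.40.40", [18]))
    print(inbound_verdict(BOGON, "192.168.40.40", []))
```

The second call corresponds to the state after send-label was removed: the same source address now reaches the ACL and hits entry 70.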
