Is it possible that Cisco fails students on purpose? I am a bit irritated as I have failed the test today. But the irritation comes from one of the lab sims. Is it possible for the lab to be wrong? Or perhaps for the testing center to have outdated material? I know the access-list lab was pretty basic. The lab was to allow one host to access a financial web server on port 80 or www. No one else was to have access to it, but everyone should have access to the public web server, and the ACL should only have 3 lines; those were all the requirements.
access-list 101 permit tcp host (workstation ip) host (finance web server ip) eq www
access-list 101 deny ip any host (finance web server ip)
access-list 101 permit ip any host (public server ip)
The problem is that the first two commands were accepted but not the last one. It kept asking for a port number, which is not correct since we don't know what port the server was listening to. Ironically, ip access-list extended 101 wasn't an accepted command either to remove only the last line, thinking I did it wrong, so I had to remove the entire access list and re-create it. It still did not work. Do you see anything wrong with this ACL and the reason the last line was not accepted without an eq, gt, or lt option? I ended up adding access-list 101 permit any any, which worked, but this is definitely incorrect according to the requirements.
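Added example, not part of the original post: a small Python model of first-match ACL evaluation (with the implicit deny at the end) run over the three posted lines and over the fallback third line the poster describes, modelled here as "permit ip any any" (an assumption). The addresses are constructed documentation-range values, since the post gives only placeholders.

```python
from ipaddress import ip_address

# Constructed sample addresses; the post only gives placeholders.
WORKSTATION = "192.0.2.10"
FINANCE = "198.51.100.5"
PUBLIC = "198.51.100.6"
OTHER_HOST = "192.0.2.99"      # any host that is not the workstation
OTHER_DEST = "203.0.113.7"     # any destination that is neither server
ANY = None                     # stands for the "any" keyword


def ace(action, proto, src, dst, port=None):
    """One access-list entry; port=None means no 'eq' qualifier."""
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}


# The three lines from the post.
POSTED = [
    ace("permit", "tcp", WORKSTATION, FINANCE, 80),
    ace("deny", "ip", ANY, FINANCE),
    ace("permit", "ip", ANY, PUBLIC),
]
# Same list with the fallback third line (assumed to mean "permit ip any any").
FALLBACK = POSTED[:2] + [ace("permit", "ip", ANY, ANY)]


def _addr_ok(rule_addr, pkt_addr):
    return rule_addr is ANY or ip_address(rule_addr) == ip_address(pkt_addr)


def evaluate(acl, proto, src, dst, port=None):
    """Return (action, line) of the first matching entry; line 0 = implicit deny."""
    for line, e in enumerate(acl, start=1):
        if e["proto"] not in ("ip", proto):
            continue
        if not (_addr_ok(e["src"], src) and _addr_ok(e["dst"], dst)):
            continue
        if e["port"] is not None and e["port"] != port:
            continue
        return e["action"], line
    return "deny", 0


if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("fallback", FALLBACK)):
        print(name, "workstation->finance:80", evaluate(acl, "tcp", WORKSTATION, FINANCE, 80))
        print(name, "other->finance:80    ", evaluate(acl, "tcp", OTHER_HOST, FINANCE, 80))
        print(name, "other->public:80     ", evaluate(acl, "tcp", OTHER_HOST, PUBLIC, 80))
        print(name, "other->elsewhere:22  ", evaluate(acl, "tcp", OTHER_HOST, OTHER_DEST, 22))
```

In this model both lists protect the finance server identically, because line 2 matches first; the lists differ only for traffic to other destinations, which the posted list leaves to the implicit deny and the fallback permits.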