CCIE Security Self-Study Lab Part II: Advanced Security Design (4 Hours)
The final section, Part II, concentrates on the advanced security topics that are possible in the CCIE Security exam. Now that Part I has been configured and all devices are communicating, you can add security to the network and ensure that the network is safe from intruders or hackers.
IP Access List
On R5, configure an access list that meets the following criterion and contains the fewest configuration lines as possible:
Apply the access list on the outbound interface on R5's Fast Ethernet link to R4.
Deny any TCP packet with source address 22.214.171.124/24.
Deny any TCP packet with source address 126.96.36.199/24.
Deny any TCP packet with source address 188.8.131.52/24.