Section 10.0: Security Violations
10.1. Denial of Service (DoS)
An ACL is already configured on the R1 FastEthernet2/0 (VLAN4) interface to fulfill the requirement for Section 2.1.
You need to merge ACLs for this. See Example 2-23.
ACL 101 configured in Example 2-23 will not allow noninitial fragments through to the server because of the first line. A noninitial fragment to the server is denied when it encounters the first ACL line because Layer 3 information in the packet matches the Layer 3 information in the ACL line.
Initial or nonfragments to port 80 on the server also match the first line of the ACL for Layer 3 information, but because the fragments keyword is present, the next ACL entry (the second line) is processed. The second line of the ...
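The fragment handling described above can be modeled in a few lines. This is an added example, not code or configuration from the book: Example 2-23 is not reproduced here, so the three-entry ACL, the server address 192.0.2.10 and the names `Ace`, `Packet` and `evaluate` are assumptions, and only TCP destination-port matching is modeled.

```python
from dataclasses import dataclass
from typing import Optional

SERVER = "192.0.2.10"  # constructed address (documentation range), not from the book

@dataclass
class Ace:
    action: str                  # "permit" or "deny"
    dst: Optional[str]           # None means "any"
    dport: Optional[int] = None  # Layer 4 match; None means not specified
    fragments: bool = False      # the "fragments" keyword

@dataclass
class Packet:
    dst: str
    dport: Optional[int]         # None on noninitial fragments (no L4 header)
    frag_offset: int = 0         # > 0 means noninitial fragment

# Constructed stand-in for the ACL the text describes (assumption).
ACL_101 = [
    Ace("deny", SERVER, fragments=True),  # deny ip any host SERVER fragments
    Ace("permit", SERVER, dport=80),      # permit tcp any host SERVER eq 80
    Ace("deny", None),                    # deny ip any any
]

def evaluate(acl, pkt):
    """Return (action, 1-based line number) of the entry that decides the packet."""
    noninitial = pkt.frag_offset > 0
    for n, ace in enumerate(acl, start=1):
        if ace.dst is not None and ace.dst != pkt.dst:
            continue                  # Layer 3 mismatch
        if ace.fragments:
            if noninitial:
                return ace.action, n  # keyword entries apply to noninitial fragments only
            continue                  # initial fragment or nonfragment: try the next line
        if ace.dport is None:
            return ace.action, n      # L3-only entry applies to every packet
        if noninitial:
            if ace.action == "permit":
                return "permit", n    # L4 unknown: a permit entry matches on L3 alone
            continue                  # a deny entry with L4 info is skipped
        if pkt.dport == ace.dport:
            return ace.action, n
    return "deny", len(acl) + 1       # implicit deny at the end of every ACL
```

With the first entry removed, the same noninitial fragment matches the permit line on Layer 3 information alone and is forwarded.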