Hello to all our faithful blog readers, I hope this post find you very well, and enjoying your studies!

Access list tasks are a common CCIE Lab Exam feature, and I wanted to take a moment to show how easy it can be for a candidate to miss one thing or many things in such a task.

Here is the task topology and the task itself. Following that we have the proposed solution by a Mock Student :-)

Can you find the errors in his or her ways?

The Topology

The Task


Traffic Filtering

8.1 Configure a security filter on R3 that will accomplish the following for traffic entering the router from the direction of R2:

  • Allow Telnet from R2 (S0/1) to R1 (Lo1)
  • Allow BGP traffic through the router
  • Allow ICMP ping traffic between R1 (Lo1) and R2 (Lo1)
  • Block any traffic sourced from RFC 1918 addresses – log these violations and include Layer 2 address information

4 points

The Proposed Solution

access-list 100 permit tcp host eq telnet host eq telnet
access-list 100 permit tcp any any eq bgp
access-list 100 permit icmp host host
access-list 100 permit icmp host host
access-list 100 deny ip any log
access-list 100 deny ip any log
access-list 100 deny ip any log
interface Serial1/2
ip access-group 100 in

NOTE: I have posted a solution to this blog in the comments. The solution post date is November 20th, 2008.

About INE

INE is the premier provider of technical training for the IT industry. INE is revolutionizing the digital learning industry through the implementation of adaptive technologies and a proven method of hands on training experiences. Our portfolio of trainings is built for all levels of technical learning, specializing in advanced networking technologies, next generation security and infrastructure programming and development. Want to talk to a training advisor about our course offerings and training plans? Give us a call at 877-224-8987 or email us at

Subscribe to INE Blog Updates

New Blog Posts!