Professional Documents
Culture Documents
Answer Matty
Answer Matty
Answer Matty
Circle one:
Location: Anniston or Boaz
Circle one:
Version 1 2 3 4 5 6 7 8 9 10 Anniston 3 192.168.3.0 /24 192.168.3.1 3
The WAN interface of GAD is assigned the lowest usable address in the subnetwork.
Identify and use the second lowest usable WAN address for the S0, or S0/0, interface of the assigned router 192.168.3.2 For security reasons, the IP addresses of the assigned subnet are split in two groups. The production workstations will be assigned the lower half of the IP addresses. The network devices and management stations will be assigned the upper half of the IP addresses. The Ethernet router interface is to be assigned the highest usable address. Identify the required IP address of the Ethernet interface on the assigned router. 14.38.10.33 (based on exam version number and subnet assignment) The host configurations must also be planned. Using the chart below, complete the host information. Branch: Anniston or Boaz IP address range 3th subnet : from ip 14.38.10.33 to ip 14.38.10.46 + 1 broadcastaddress ip Bytes So 14.38.10.33 14.38.10. 14.38.10.34 14.38.10. 14.38.10.35 14.38.10. 14.38.10.36 14.38.10. 14.38.10.37 14.38.10. 14.38.10.38 14.38.10. 14.38.10.39 14.38.10. 14.38.10.40 14.38.10. 14.38.10.41 14.38.10. 14.38.10.42 14.38.10. 14.38.10.43 14.38.10. 14.38.10.44 14.38.10. 14.38.10.45 14.38.10. 14.38.10.46 14.38.10. 14.38.10.47 14.38.10. bits 00010001 00010010 00010011 00010100 00010101 00010110 00010111 00011000 00011001 00011010 00011011 00011100 00011101 00011110 00011111 (this is broadcast and dont count for ip-address)
Production Host Range(Lower half) ip Bytes So 14.38.10.33 14.38.10. 14.38.10.34 14.38.10. 14.38.10.35 14.38.10. 14.38.10.36 14.38.10. 14.38.10.37 14.38.10. 14.38.10.38 14.38.10. 14.38.10.39 14.38.10. bits 00010001 00010010 00010011 00010100 00010101 00010110 00010111
Management Host Range(Upper half) ip Bytes bits So 14.38.10.40 14.38.10. 00011000 14.38.10.41 14.38.10. 00011001 14.38.10.42 14.38.10. 00011010 14.38.10.43 14.38.10. 00011011
Production Host (take the first usable ip address) IP address 14.38.10.34 coz 14.38.10.33 is for the fastethernet interface of the LAN router Subnet Mask 255.255.255.0 Default Gateway 192.168.3.2 Management Host IP address 14.38.10.40 Subnet Mask 255.255.255.0 Default Gateway 192.168.3.2
of the address range are reachable by all LAN hosts using all possible IP protocols. The servers should not be accessible by any other hosts. 3. The company has discovered an Internet Web server at 198.0.0.1 that is known to contain viruses. All hosts are to be banned from reaching this site. 4. All other traffic should be permitted to any destination. These security requirements should be accomplished with a single access list. Plan the access list required to accomplish these tasks, to which interface this will be applied, and the direction the list will be applied. Place the ACL plan information below: 1) 2) 3 4 access-list 101 permit tcp 127.16.0.1 255.255.255.255 any eq 80 access-list 101 deny ip 172.16.0.1 255.255.255.255 any this is the hardest acl-instruction and I cant make it sorry access-list 101 deny ip host 198.0.0.1 255.255.255.255 any access-list 101 permit ip any any
Router Anniston Enable router1# config t config-t# hostname Anniston config-t# interface fastethernet 0/0 config-int# ipaddress 14.38.20.33 255.255.255.0 config-int#no shutdown config-int# exit config-t# interface serial 0/0 config-int# ipaddress 192.168.3.2 config-int# no shutdown you dont have to set the clockrate because the DTE is on the side of GAD and GAD is configured by the teachers! Step 5: Security Configuration Time: 15 minutes Points _______________
After the basic functionality is in place, security needs to be added to the configuration. Using the security requirement and planning from previous steps, implement and test these basic
security functions. The listed security requirements should be verified before notifying the instructor. Before proceeding to the next step have the instructor approve this step. implementing the acl enable anniston#config t config-t# interface serial 0/0 config-int# ip-accessgroup 101 in if you use IN then you will set the statements within your subnet!, everything that is going out of your subnet that will be checked by your acl! If you use OUT you do the same with alle traffic that enters you subnet!
show acces-lists show interface serial 0/0 copy runnin-config startup-config erase running-config enable password sisco enable secret class hostname Anniston