Assignment Guide ACL
ON HYD:
HYD# config terminal
HYD(config)# ip routing
HYD(config)# router rip
HYD(config-router)# network 192.168.1.0
HYD(config-router)# network 10.0.0.0
HYD(config-router)# ^z
HYD#

ON CHE:
CHE# config terminal
CHE(config)# ip routing
CHE(config)# router rip
CHE(config-router)# network 192.168.2.0
CHE(config-router)# network 10.0.0.0
CHE(config-router)# network 11.0.0.0
CHE(config-router)# ^z
CHE#

ON BAN:
BAN# config terminal
BAN(config)# ip routing
BAN(config)# router rip
BAN(config-router)# network 192.168.3.0
BAN(config-router)# network 11.0.0.0
BAN(config-router)# ^z
BAN#
SCENARIO 1:
Only 192.168.3.0 should communicate with 192.168.1.0

ON HYD:
HYD# config terminal
HYD(config)# access-list 1 permit 192.168.3.0 0.0.0.255
HYD(config)# int e0
HYD(config-if)# ip access-group 1 out
HYD(config-if)# exit
HYD(config)# exit

SCENARIO 2:
Configuration of an access-list on Chennai so that administrative access through Telnet is possible only from 192.168.2.10

ON CHE:
CHE# config terminal
CHE(config)# access-list 1 permit 192.168.2.10 0.0.0.0
CHE(config)# line vty 0 4
CHE(config-line)# access-class 1 in
CHE(config-line)# exit
CHE(config)# exit

SCENARIO 3:
Configuration of a standard access-list on Chennai Ethernet 0 in the outbound direction denying 192.168.3.10

ON CHE:
CHE# config terminal
CHE(config)# access-list 1 deny 192.168.3.10 0.0.0.0
CHE(config)# access-list 1 permit any
CHE(config)# interface Ethernet 0
CHE(config-if)# ip access-group 1 out
CHE(config-if)# exit
CHE(config)# exit
CHE# show ip access-list
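
The first-match and implicit-deny behaviour that Scenarios 1 and 3 rely on, as an added Python model (not part of the original guide, and not IOS code). The names parse_acl and evaluate and the ONLY_DENY variant are hypothetical; only standard numbered ACL lines with an optional wildcard mask are handled.

```python
import ipaddress

ALL_BITS = 0xFFFFFFFF

# ACL lines taken from Scenario 1 and Scenario 3 above.
SCENARIO_1 = "access-list 1 permit 192.168.3.0 0.0.0.255"
SCENARIO_3 = """
access-list 1 deny 192.168.3.10 0.0.0.0
access-list 1 permit any
"""
# Constructed variant: Scenario 3 without its "permit any" line.
ONLY_DENY = "access-list 1 deny 192.168.3.10 0.0.0.0"


def parse_acl(text):
    """Parse 'access-list N permit|deny SRC [WILDCARD]' lines into rules."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            raise ValueError(f"unsupported line: {line!r}")
        action, src = tok[2], tok[3]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        if src == "any":
            base, wild = 0, ALL_BITS
        else:
            base = int(ipaddress.IPv4Address(src))
            # A missing wildcard means a single host, i.e. 0.0.0.0.
            wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        rules.append((action, base, wild))
    return rules


def evaluate(rules, source):
    """Return the action of the first matching rule, top to bottom."""
    addr = int(ipaddress.IPv4Address(source))
    for action, base, wild in rules:
        # Wildcard bits set to 1 are ignored; every other bit must be equal.
        if ((addr ^ base) & ~wild & ALL_BITS) == 0:
            return action
    # No rule matched: every ACL ends with an unwritten deny.
    return "implicit deny"


if __name__ == "__main__":
    for name, acl in [("Scenario 1", SCENARIO_1), ("Scenario 3", SCENARIO_3),
                      ("deny only", ONLY_DENY)]:
        for src in ("192.168.3.10", "192.168.3.11", "192.168.2.10"):
            print(f"{name:10} {src:13} -> {evaluate(parse_acl(acl), src)}")
```

The deny-only variant drops every source, which is why Scenario 3 needs its `permit any` line, while Scenario 1 depends on the implicit deny to block everything except 192.168.3.0.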
Lab 8 - EXTENDED ACCESS-LIST:
[Figure: lab topology. HYD (E0 192.168.1.1/24, S0 10.0.0.1/8) - CHE (S1 10.0.0.2/8, E0 192.168.2.1/24, S0 11.0.0.1/8) - BAN (S1 11.0.0.2/8, E0 192.168.3.1/24)]
1. Configure any routing protocol (e.g. RIP) & check the communication
4. Configuration of a standard access-list on Chennai Ethernet 0 in the outbound direction denying 192.168.3.10
5. Configuration of an extended access-list on Chennai Ethernet 0 in the outbound direction permitting only FTP service from the network 192.168.3.0 to 192.168.2.10
6. Configuration of an extended access-list on Hyd Serial 0 in inbound direction denying PING (Echo) from 192.168.3.0 to 192.168.1.0 and permitting any other service.
7. Configuration of an extended access-list on Hyd serial 0 in inbound direction denying HTTP from 192.168.2.0 to 192.168.1.0 and permitting and denying ping from any network to 192.168.1.0.