Assignment Guide ACL


Lab 7 - STANDARD ACCESS-LIST:

Topology (from the lab diagram):
  HYD: E0 192.168.1.1/24 (LAN 192.168.1.0/24), S0 10.0.0.1/8
  CHE: S1 10.0.0.2/8, E0 192.168.2.1/24 (LAN 192.168.2.0/24), S0 11.0.0.1/8
  BAN: S1 11.0.0.2/8, E0 192.168.3.1/24 (LAN 192.168.3.0/24)
  HYD S0 <-> CHE S1 on 10.0.0.0/8; CHE S0 <-> BAN S1 on 11.0.0.0/8

ON HYD:

HYD# config terminal
HYD(config)# ip routing
HYD(config)# router rip
HYD(config-router)# network 192.168.1.0
HYD(config-router)# network 10.0.0.0
HYD(config-router)# ^Z
HYD#

ON CHE:

CHE# config terminal
CHE(config)# ip routing
CHE(config)# router rip
CHE(config-router)# network 192.168.2.0
CHE(config-router)# network 10.0.0.0
CHE(config-router)# network 11.0.0.0
CHE(config-router)# ^Z
CHE#

ON BAN:

BAN# config terminal
BAN(config)# ip routing
BAN(config)# router rip
BAN(config-router)# network 192.168.3.0
BAN(config-router)# network 11.0.0.0
BAN(config-router)# ^Z
BAN#

SCENARIO 1: Only 192.168.3.0 should communicate with 192.168.1.0.

ON HYD:

HYD# config terminal
HYD(config)# access-list 1 permit 192.168.3.0 0.0.0.255
HYD(config)# int e0
HYD(config-if)# ip access-group 1 out
HYD(config-if)# exit
HYD(config)# exit

SCENARIO 2: Configuration of an access-list on Chennai so that administrative access through Telnet is possible only from 192.168.2.10.

ON CHE:

CHE# config terminal
CHE(config)# access-list 1 permit 192.168.2.10 0.0.0.0
CHE(config)# line vty 0 4
CHE(config-line)# access-class 1 in
CHE(config-line)# exit
CHE(config)# exit
CHE# show ip access-list

SCENARIO 3: Configuration of a standard access-list on Chennai Ethernet 0 in the outbound direction denying 192.168.3.10.

ON CHE:

CHE# config terminal
CHE(config)# access-list 1 deny 192.168.3.10 0.0.0.0
CHE(config)# access-list 1 permit any
CHE(config)# interface Ethernet 0
CHE(config-if)# ip access-group 1 out
CHE(config-if)# exit
CHE(config)# exit
CHE# show ip access-list

Note: From the command prompt of a PC, try to ping the filtered IP address to verify that the access-list blocks it.

Lab 8 - EXTENDED ACCESS-LIST:

Topology (same as Lab 7):
  HYD: E0 192.168.1.1/24 (LAN 192.168.1.0/24), S0 10.0.0.1/8
  CHE: S1 10.0.0.2/8, E0 192.168.2.1/24 (LAN 192.168.2.0/24), S0 11.0.0.1/8
  BAN: S1 11.0.0.2/8, E0 192.168.3.1/24 (LAN 192.168.3.0/24)
  HYD S0 <-> CHE S1 on 10.0.0.0/8; CHE S0 <-> BAN S1 on 11.0.0.0/8
SCENARIO 1: Configuration of an extended access-list on Chennai Ethernet 0 in the outbound direction permitting only the FTP service from the network 192.168.3.0 to 192.168.2.10.

On CHE:

CHE# configure terminal
CHE(config)# access-list 101 permit tcp 192.168.3.0 0.0.0.255 192.168.2.10 0.0.0.0 eq ftp
CHE(config)# interface ethernet 0
CHE(config-if)# ip access-group 101 out
CHE(config-if)# exit
CHE(config)# exit
CHE# sh ip access-list

SCENARIO 2: Configuration of an extended access-list on Hyd Serial 0 in the inbound direction denying PING (Echo) from 192.168.3.0 to 192.168.1.0 and permitting any other service.

On Hyd:

Hyd# configure terminal
Hyd(config)# access-list 110 deny icmp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 echo
Hyd(config)# access-list 110 permit ip any any
Hyd(config)# interface serial 0
Hyd(config-if)# ip access-group 110 in
Hyd(config-if)# ^Z
Hyd# sh ip access-list

SCENARIO 3: Configuration of an extended access-list on Hyd Serial 0 in the inbound direction denying HTTP from 192.168.2.0 to 192.168.1.0 and permitting other traffic from any network to the 192.168.1.0 network.

On Hyd:

Hyd# configure terminal
Hyd(config)# access-list 111 deny tcp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 eq 80
Hyd(config)# access-list 111 permit ip any any
Hyd(config)# interface serial 0
Hyd(config-if)# ip access-group 111 in
Hyd(config-if)# ^Z
Hyd# sh ip access-list
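Both labs depend on the same two rules: Cisco wildcard masks (0 bits must match, 1 bits are ignored) and top-down first-match evaluation that ends in an implicit deny. As an added example that is not part of the lab guide, the Python below models those rules and loads access-lists 1 (Lab 7, HYD), 101 and 110 (Lab 8) from the scenarios; the Packet and Ace classes are my own modelling assumptions, not IOS commands.

```python
# Added example, not from the lab guide: a first-match evaluator for the lab's Cisco-style ACLs.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 0 bit must equal the base address, a 1 bit is 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)

@dataclass
class Packet:
    proto: str                       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None      # destination port for tcp/udp
    icmp_type: Optional[str] = None  # e.g. "echo" or "echo-reply"

@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    proto: str = "ip"                # "ip" matches every protocol
    src: str = "0.0.0.0"             # a standard ACL entry only sets action/src/src_wc
    src_wc: str = "255.255.255.255"  # all-ones wildcard == 'any'
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"
    dport: Optional[int] = None      # 'eq <port>'
    icmp_type: Optional[str] = None  # e.g. 'echo'

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and wildcard_match(p.src, self.src, self.src_wc)
                and wildcard_match(p.dst, self.dst, self.dst_wc)
                and (self.dport is None or self.dport == p.dport)
                and (self.icmp_type is None or self.icmp_type == p.icmp_type))

def evaluate(acl: List[Ace], p: Packet) -> str:
    """Entries are tested top-down and the first match wins; no match ends in the implicit deny."""
    for ace in acl:
        if ace.matches(p):
            return ace.action
    return "deny"

# Lab 7 scenario 1 (HYD E0 out): access-list 1 permit 192.168.3.0 0.0.0.255
ACL_1_HYD = [Ace("permit", src="192.168.3.0", src_wc="0.0.0.255")]
# Lab 8 scenario 1 (CHE E0 out): access-list 101 permit tcp 192.168.3.0 0.0.0.255 192.168.2.10 0.0.0.0 eq ftp
ACL_101 = [Ace("permit", "tcp", "192.168.3.0", "0.0.0.255", "192.168.2.10", "0.0.0.0", dport=21)]
# Lab 8 scenario 2 (HYD S0 in): deny icmp echo 192.168.3.0/24 -> 192.168.1.0/24, then permit ip any any
ACL_110 = [Ace("deny", "icmp", "192.168.3.0", "0.0.0.255", "192.168.1.0", "0.0.0.255", icmp_type="echo"),
           Ace("permit")]
```

Evaluating any non-FTP packet against ACL_101 returns "deny" even for hosts the scenario never names, which is the implicit deny that the "permit only" wording of the lab relies on; ACL_110 still permits echo-replies and TCP because only the echo entry is denied before the explicit permit.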

Assignments:

1. Configure any routing protocol (e.g. RIP) and check the communication.

2. Configure a standard access-list on Hyd Ethernet 0 in the outbound direction, permitting only 192.168.3.0.

3. Configure an access-list on Chennai so that administrative access through Telnet is possible only from 192.168.2.10.

4. Configure a standard access-list on Chennai Ethernet 0 in the outbound direction denying 192.168.3.10.

5. Configure an extended access-list on Chennai Ethernet 0 in the outbound direction permitting only the FTP service from the network 192.168.3.0 to 192.168.2.10.

6. Configure an extended access-list on Hyd Serial 0 in the inbound direction denying PING (Echo) from 192.168.3.0 to 192.168.1.0 and permitting any other service.

7. Configure an extended access-list on Hyd Serial 0 in the inbound direction denying HTTP from 192.168.2.0 to 192.168.1.0, and permitting and denying ping from any network to 192.168.1.0.