Scribd Logo
Upload

Welcome to Scribd!

  • Taller 9

    Uploaded by

    llensan
    16 views5 pages
    The document describes how to configure standard and extended access control lists (ACLs) on routers to control network access and traffic. It includes configurations for setting router interfaces, IP addresses, RIP routing, and applying standard and extended ACLs on interfaces to permit or deny traffic between network segments. The goal is to test connectivity before and after applying the ACL rules.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document describes how to configure standard and extended access control lists (ACLs) on routers to control network access and traffic. It includes configurations for setting router interfaces, IP addresses, RIP routing, and applying standard and extended ACLs on interfaces to permit or deny traffic between network segments. The goal is to test connectivity before and after applying the ACL rules.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    16 views5 pages

    Taller 9

    Uploaded by

    llensan
    The document describes how to configure standard and extended access control lists (ACLs) on routers to control network access and traffic. It includes configurations for setting router interfaces, IP addresses, RIP routing, and applying standard and extended ACLs on interfaces to permit or deny traffic between network segments. The goal is to test connectivity before and after applying the ACL rules.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 5

    Taller 9.

    Listas de Control de Acceso ACL

    Configuramos la topología con las direcciones correspondientes y conectamos todas las redes con
    el protocolo RIP.

    Topología:

    Configurar LAN y subir interface de Gateway

    Router 1.
    Router>enable
    Router#configure terminal
    Router(config)#interface fa0/1
    Router(config-if)#ip address 192.168.0.1 255.255.255.0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#
    Router 2.
    Router>enable
    Router#configure terminal
    Router(config)#interface fa0/1
    Router(config-if)#ip address 172.16.0.1 255.255.0.0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router 3.
    Router>enable
    Router#configure terminal
    Router(config)#interface fa0/1
    Router(config-if)#ip address 10.0.0.1 255.0.0.0
    Router(config-if)#no shutdown
    Router(config-if)#exit

    Configurar ip en los computadores en los segmentos de las redes Lan correspondientes y su


    Gateway

    Configurar y subir interface entre router

    Router 1.
    Router#enable
    Router#configure terminal
    Router(config)#interface fa0/0
    Router(config-if)#ip address 9.0.0.1 255.0.0.0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#
    Router 2.
    Router#enable
    Router#configure terminal
    Router(config)#interface fa0/0
    Router(config-if)#ip address 9.0.0.2 255.0.0.0
    Router(config-if)#no shutdown
    Router(config-if)# exit
    Router(config)#interface fa1/0
    Router(config-if)#ip address 11.0.0.1 255.0.0.0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router 3.
    Router>enable
    Router#configure terminal
    Router(config)#interface fa0/0
    Router(config-if)#ip address 11.0.0.2 255.0.0.0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#

    Configurar enrutamiento RIP:

    Router 1.
    Router#configure terminal
    Router(config)#router rip
    Router(config-router)#version 2
    Router(config-router)#network 192.168.0.0
    Router(config-router)#network 9.0.0.0
    Router(config-router)#no auto-summary
    Router(config-router)#exit
    Router 2.
    Router#configure terminal
    Router(config)#router rip
    Router(config-router)#version 2
    Router(config-router)#network 172.16.0.0
    Router(config-router)#network 9.0.0.0
    Router(config-router)#network 11.0.0.0
    Router(config-router)#no auto-summary
    Router(config-router)#exit
    Router(config)#
    Router 3.
    Router#configure terminal
    Router(config)#router rip
    Router(config-router)#version 2
    Router(config-router)#network 11.0.0.0
    Router(config-router)#network 10.0.0.0
    Router(config-router)#no auto-summary
    Router(config-router)#exit
    Router(config)#

    Ahora configuramos la ACL Estándar.

    Creamos la acl entre el 1 y el 99, son los valores que podemos tomar para la configuración
    estándar. Lo que vamos a hacer es denegar la entrada de datos desde la red 10.0.0.0 a la red
    192.168.0.0 con los siguientes comandos:
    • access-list 1 deny 10.0.0.0 0.255.255.255
    • access-list 1 permit any (se utiliza para permitir el resto de las redes)
    • interface f0/1 (puerto para activar la ACL, más cercano al destino)
    • ip Access-group 1 out

    Creamos la lista.
    Router 1.
    Router>enable
    Router#configure terminal
    Router(config)#access-list 1 deny 10.0.0.0 0.255.255.255
    Router(config)#access-list 1 permit any

    Activamos la ACL en la interface fa0/1, digitamos:


    Router 1.
    Router(config)#interface f0/1
    Router(config-if)#ip access-group 1 out
    Router(config-if)#exit
    Router(config)#

    Realizar pruebas de conectividad antes de habilitar ACL y después hacia la dirección 10.0.0.2 desde
    la red 192.168.0.0.

    Probar comandos show:

    Router# show running-config


    Router# show ip route
    Router#show ip access-lists
    Router# traceroute 10.0.0.2

    -----------------------------------------------------------------------------------------------------------------------------
    Para desactivar la configuración de ACL entramos en la interface configurada y ejecutamos el
    siguiente comando:
    Router(config)#interface f0/1
    Router(config-if)#no ip access-group 1 out
    Router(config-if)#exit

    Para volver a activarlo en la interface digitamos:


    Router(config)#interface f0/1
    Router(config-if)#ip access-group 1 out
    Router(config-if)#exit

    -------------------------------------------------------------------------------------------------------------------------------

    Ahora configuramos la ACL extendido.

    Desactivamos la ACL estándar previamente configurada en el puerto Fa0/1.


    Router 1.
    Router(config)#interface f0/1
    Router(config-if)#no ip access-group 1 out
    Router(config-if)#exit

    Creamos la ACL entre la 100 a la 199, son los valores que podemos tomar para la configuración
    extendida. Lo que vamos a hacer es denegar la salida de datos a la red 10.0.0.0 desde la red
    192.168.0.0 con los siguientes comandos:

    Router 1.
    Router(config)#access-list 114 deny tcp any 10.0.0.0 0.255.255.255
    Router(config)#access-list 114 permit tcp any any
    Activamos la ACL en la interface fa0/1, digitamos:

    Router 1.
    Router(config)#interface fa0/1
    Router(config-if)#ip access-group 114 in
    Router(config-if)#exit

    Realizar pruebas de conectividad antes de habilitar ACL y después hacia la dirección 10.0.0.2 desde
    la red 192.168.0.0.

    Entregable del taller

    Desarrolle un informe donde explique y demuestre las configuraciones realizadas.

    You might also like