LAB 4-6: Access Control List (ACL)
You are the network administrator at Ranet, and have to config router Ranet-HQ to connect its LANto Branch network and Internet, and to config Access-List to control traffic as below:
(via its console)
1. Enable and set IP address on LAN interface to be the first assignable IP of this subnet.
2. Enable and set IP address on each serial interface to be the last assignable IP of its own subnet.
3. Set RIPv2 to be the router protocol on this router to exchange route with Ranet-BR
4. Set default route to allow the connection with internet.
5. Set access-list to prevent the connection from hosts in LAN as:
- allow only Admin-Host to telnet to Ranet-CoreSW (password: ranetpass)
- Not permit only User-Host1 to connect to any site in the internet.
- Any traffic beside these should be allow.
Remark: Use ACL no.100 only!, and use as short as possible to gain %Completion
Solution:
Ranet-HQ config:
(copy & paste these command below to Ranet-HQ)en
conf t
int fa0/0
no sh
ip add 172.22.3.33 255.255.255.224
int s0/0/0
no sh
ip add 172.22.3.98 255.255.255.252
int s0/1/0
no sh
ip add 203.144.7.254 255.255.255.252
exit
router rip
version 2
network 172.22.0.0
no auto-summary
exit
ip route 0.0.0.0 0.0.0.0 s0/1/0
access-list 100 deny tcp 172.22.3.52 0.0.0.3 host 172.22.3.90 eq 23
access-list 100 deny tcp host 172.22.3.53 any eq 80
access-list 100 permit ip any any
int fa0/0
ip access-group 100 in
Ranet-HQ#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
.
----------------------- The End ---------------------
Everything is OK.
You can view and download this solution here.
access list
,
CCNA Lab
,
cisco
,
IT
,
Packet tracer
,
Practice Labs
,
WAN Technology
Để bắt đầu tham gia Giao dịch tài chính: