Blog of Khlebalin Dmitriy

(Дорогу осилит идущий…)

Подготовка к экзамену CCNA. Практические задания.

ACL SIM

Answer:
Select the console on Corp1 router
Configuring ACL
Corp1>enable
Corp1#configure terminal
comment: To permit only Host C (192.168.33.3){source addr} to access finance server address (172.22.242.23) {destination addr} on port number 80 (web)
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

comment: To deny any source to access finance server address (172.22.242.23) {destination addr} on port number 80 (web)
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

comment: To permit ip protocol from any source to access any destination because of the implicit deny any any statement at the end of ACL.
Corp1(config)#access-list 100 permit ip any any

Applying the ACL on the Interface

comment: Check show ip interface brief command to identify the interface type and number by checking the IP address configured.

Corp1(config)#interface fa 0/1

If the ip address configured already is incorrect as well as the subnet mask. this should be corrected in order ACL to work

type this commands at interface mode :

no ip address 192.x.x.x 255.x.x.x (removes incorrect configured ip address and subnet mask)

Configure Correct IP Address and subnet mask :

ip address 172.22.242.30 255.255.255.240 ( range of address specified going to server is given as 172.22.242.17 — 172.22.242.30 )

comment: Place the ACL to check for packets going outside the interface towards the finance web server.
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Important: To save your running config to startup before exit.
Corp1#copy running-config startup-config
Verifying the Configuration :

Step1: show ip interface brief command identifies the interface on which to apply access list .

Step2: Click on each host A,B,C & D . Host opens a web browser page , Select address box of the web browser and type the ip address of finance web server(172.22.242.23) to test whether it permits /deny access to the finance web Server .

Step 3: Only Host C (192.168.33.3) has access to the server . If the other host can also access then maybe something went wrong in your configuration . check whether you configured correctly and in order.

Step 4: If only Host C (192.168.33.3) can access the Finance Web Server you can click on NEXT button to successfully submit the ACL SIM.

Всем удачи в подготовке!

 

20.10.2010 Posted by | Network and Wi-fi: cisco, mikrotik, huawei, tp-link, d-link, zyxel и другое... | Комментарии к записи Подготовка к экзамену CCNA. Практические задания. отключены