DOREAMON 3(A)

 Practical 3: Configuring Extended ACLs

__________________________________________________________________


Objectives:

▪ Configure, Apply and Verify an Extended Numbered ACL

▪ Configure, Apply and Verify an Extended Named ACL


Scenario:

o PC1 Should be allowed only FTP access

o PC2 Should be allowed only web access

o Both PCs must be able to ping the server but not each other


◼ Configure Router:

Step 1: Configure password for vty lines

R1(config)# line vty 0 4

R1(config-line)# password vtypa55

R1(config-line)# login


Step 2: Configure secret on router

R1(config)# enable secret enpa55


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Part 1: Configure, Apply and Verify an Extended Numbered ACL


Step 1: Configure an ACL to permit FTP and ICMP. (Use Router 2911)

R1(config)# access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ftp

R1(config)# access-list 100 permit icmp 172.22.34.64 0.0.0.31 host 172.22.34.62



Step 2: Apply the ACL on the correct interface to filter traffic.

R1(config)# int gig 0/0

R1(config-if)# ip access-group 100 in 


Step 3: Verify the ACL implementation.

a. Ping from PC1 to Server.

PC1> ping 172.22.34.62

(Successful)


b. FTP from PC1 to Server. The username and password are both cisco.

PC1> ftp 172.22.34.62

username: cisco

password: cisco


c. Exit the FTP service of the Server.

ftp> quit


d. Ping from PC1 to PC2.

PC1> ping 172.22.34.98

(Unsuccessful) destination host unreachable

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Part 2: Configure, Apply and Verify an Extended Named ACL


Step 1: Configure an ACL to permit HTTP access and ICMP.

R1(config)# ip access-list extended HTTP_ONLY

R1(config-ext-nacl)# permit tcp 172.22.34.96 0.0.0.15 host 172.22.34.62 eq www

R1(config-ext-nacl)# permit icmp 172.22.34.96 0.0.0.15 host 172.22.34.62


Step 2: Apply the ACL on the correct interface to filter traffic.

R1(config)# int gig0/1

R1(config-if)# ip access-group HTTP_ONLY in


Step 3: Verify the ACL implementation.


a. Ping from PC2 to Server.

PC2> ping 172.22.34.62

(Successful)


b. FTP from PC2 to Server

PC2> ftp 172.22.34.62

(Unsuccessful)


c. Open the web browser on PC2.

URL -> http://172.22.34.62

(Successful)


d. Ping from PC2 to PC1.

PC2> ping 172.22.34.66

(Unsuccessful)
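
The verification results in Part 1 and Part 2 follow from first-match evaluation with wildcard masks and the implicit deny that ends every ACL. The sketch below is an added example, not part of the original lab: it replays the lab's ACL entries against the test traffic. The function names are hypothetical, and the model is simplified to the protocol, source, destination and `eq` destination-port fields used here.

```python
import ipaddress

PORTS = {"ftp": 21, "www": 80}  # IOS keyword -> TCP port
# Hypothetical helper names; simplified model ('eq' on destination port only).
# ACL entries copied from the lab (Part 1 and Part 2), without the CLI prompt.
ACL_100 = [
    "permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ftp",
    "permit icmp 172.22.34.64 0.0.0.31 host 172.22.34.62",
]
HTTP_ONLY = [
    "permit tcp 172.22.34.96 0.0.0.15 host 172.22.34.62 eq www",
    "permit icmp 172.22.34.96 0.0.0.15 host 172.22.34.62",
]

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _take_addr(tok):
    """Consume 'host A', 'any', or 'A WILDCARD'; return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def parse(line):
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _take_addr(tok), _take_addr(tok)
    port = None
    if tok[:1] == ["eq"]:
        port = PORTS.get(tok[1]) or int(tok[1])
    return action, proto, src, dst, port

def _match(addr, rule):
    base, wild = rule
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return (_ip(addr) ^ base) & ~wild & 0xFFFFFFFF == 0

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl:
        action, r_proto, r_src, r_dst, r_port = parse(line)
        if (r_proto in (proto, "ip") and _match(src, r_src)
                and _match(dst, r_dst) and r_port in (None, dport)):
            return action
    return "deny"  # implicit "deny ip any any" at the end of every ACL
```

For example, `evaluate(ACL_100, "icmp", "172.22.34.66", "172.22.34.98")` returns `"deny"` because no entry names PC2 as a destination, which is why the PC1 to PC2 ping fails without any explicit deny line.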

