[CCNAv6 S2] 7.3.2.4 Packet Tracer - Troubleshooting Standard IPv4 ACLs




Packet Tracer – Troubleshooting Standard IPv4 ACLs
Addressing Table

Objectives

Part 1: Troubleshoot ACL Issue 1

Part 2: Troubleshoot ACL Issue 2

Part 3: Troubleshoot ACL Issue 3

Scenario

This network is meant to have the following three policies implemented:

·         Hosts from the 192.168.0.0/24 network are unable to access network 10.0.0.0/8.
·         L3 can’t access any devices in network 192.168.0.0/24.
·         L3 can’t access Server1 or Server2. L3 should only access Server3.
·         Hosts from the 172.16.0.0/16 network have full access to Server1, Server2 and Server3.
Note: All FTP usernames and passwords are “cisco”.

No other restrictions should be in place. Unfortunately, the rules that have been implemented are not working correctly. Your task is to find and fix the errors related to the access lists on R1.

Part 1:     Troubleshoot ACL Issue 1
Hosts from the 192.168.0.0/24 network should not be able to access any devices on the 10.0.0.0/8 network. This is not currently the case.

Step 1:     Determine the ACL problem.

As you perform the following tasks, compare the results to what you would expect from the ACL.

a.     Using L2, attempt to access FTP and HTTP services of Server1, Server2, and Server3.

b.    Using L2, ping Server1, Server2, and Server3.

c.     View the running configuration on R1. Examine access list FROM_192 and its placement on the interfaces. Is the access list placed on the correct interface and in the correct direction? Is there any statement in the list that permits or denies traffic to other networks? Are the statements in the correct order?

d.    Perform other tests, as necessary.

Step 2:     Implement a solution.

Make the necessary adjustments to FROM_192, or to its placement, to fix the problem.

Step 3:     Verify that the problem is resolved and document the solution.

If the problem is resolved, document the solution; otherwise return to Step 1.

Part 2:     Troubleshoot ACL Issue 2
L3 should not be able to reach Server1 or Server2. This is not currently the case.

Step 1:     Determine the ACL problem.

As you perform the following tasks, compare the results to what you would expect from the ACL.

a.     Using L3, attempt to access FTP and HTTP services of Server1, Server2, and Server3.

b.    Using L3, ping Server1, Server2, and Server3.

c.     View the running configuration on R1. Examine access list FROM_10 and its placement on the interfaces. Is the access list placed on the correct interface and in the correct direction? Is there any statement in the list that permits or denies traffic to other networks? Are the statements in the correct order?

d.    Run other tests as necessary.

Step 2:     Implement a solution.

Make the necessary adjustments to access list FROM_10, or to its placement, to fix the problem.

Step 3:     Verify the problem is resolved and document the solution.

If the problem is resolved, document the solution; otherwise return to Step 1.

Part 3:     Troubleshoot ACL Issue 3
Hosts from the 172.16.0.0/16 network should have full access to Server1, Server2 and Server3 but this is not currently the case, as L1 can’t communicate to Server2 or Server3.

Step 1:     Determine the ACL problem.

As you perform the following tasks, compare the results to the expectations of the ACL.

a.     Using L1, attempt to access FTP and HTTP services of Server1, Server2, and Server3.

b.    Using L1, ping Server1, Server2, and Server3.

c.     View the running configuration on R1. Examine access list FROM_172 and its placement on the interfaces. Is the access list placed on the correct port in the correct direction? Is there any statement in the list that permits or denies traffic to other networks? Are the statements in the correct order?

d.    Run other tests as necessary.

Step 2:     Implement a solution.

Make an adjustment to access list FROM_172 or to its placements to fix the problem.

Step 3:     Verify the problem is resolved and document the solution.

If the problem is resolved, document the solution; otherwise return to Step 1.

Part 4:     Reflection (Optional)
Access-lists pose a logical problem which often has more than one solution. Can you think of a different set of rules or placements that would yield the same required access filtering?



 Configuration R1:

enable
configure terminal
no ip access-list standard FROM_10
ip access-list standard FROM_10
 deny host 10.0.0.2
 permit any
 exit
!
no ip access-list standard FROM_172
ip access-list standard FROM_172
 permit host 172.16.0.2
 exit
!
interface GigabitEthernet0/0
 ip access-group FROM_192 out
 end
write memory
!

END !~!


Nhận xét

Đăng nhận xét

Bài đăng phổ biến từ blog này

[CCNAv6 S4] 8.2.4.14 Packet Tracer - Troubleshooting Enterprise Networks 3

Hình ảnh
Packet Tracer – Troubleshooting Enterprise Networks 3 Addressing Table Background This activity uses a variety of technologies you have encountered during your CCNA studies, including routing, port security, EtherChannel, DHCP, NAT, PPP, and Frame Relay. Your task is to review the requirements, isolate and resolve any issues, and then document the steps you took to verify the requirements. Note: This activity begins with a partial score. Requirements DHCP ·         R1 is the DHCP server for the R1 LAN. Switching Technologies ·         Port security is configured to only allow PC1 to access S1's F0/3 interface. All violations should disable the interface. ·         Link aggregation using EtherChannel is configured on S2, S3, and S4. Routing ·         All routers are configured with OSPF process ID 1 and no routing updates should be sent across interfaces that do n...
Đọc thêm

[CCNAv6 S2] 2.2.2.4 Packet Tracer - Configuring IPv4 Static and Default Routes

Hình ảnh
Packet Tracer - Configuring IPv4 Static and Default Routes Addressing Table Objectives Part 1: Examine the Network and Evaluate the Need for Static Routing Part 2: Configure Static and Default Routes Part 3: Verify Connectivity Background In this activity, you will configure static and default routes. A static route is a route that is entered manually by the network administrator to create a reliable and safe route. There are four different static routes that are used in this activity: a recursive static route, a directly attached static route, a fully specified static route, and a default route. Part 1:     Examine the Network and Evaluate the Need for Static Routing a.     Looking at the topology diagram, how many networks are there in total? b.    How many networks are directly connected to R1, R2, and R3? c.     How many static routes are required by each router to reach networks that are not directly ...
Đọc thêm