[CCNAv6 S4] 4.2.2.12 Packet Tracer - Configuring Extended ACLs Scenario 3



Packet Tracer - Configuring Extended ACLs - Scenario 3
Addressing Table


Objectives

Part 1: Configure a Named Extended ACL

Part 2: Apply and Verify the Extended ACL

Background / Scenario

In this scenario, specific devices on the LAN are allowed to various services on servers located on the Internet.

Part 1:     Configure a Named Extended ACL
Use one named ACL to implement the following policy:

·         Block HTTP and HTTPS access from PC1 to Server1 and Server2. The servers are inside the cloud and you only know their IP addresses.

·         Block FTP access from PC2 to Server1 and Server2.

·         Block ICMP access from PC3 to Server1 and Server2.

Note: For scoring purposes, you must configure the statements in the order specified in the following steps.

Step 1:     Deny PC1 to access HTTP and HTTPS services on Server1 and Server2.

a.     Create an extended IP access list named ACL which will deny PC1 access to the HTTP and HTTPS services of Server1 and Server2. Because it is impossible to directly observe the subnet of servers on the Internet, four rules are required.

What is the command to begin the named ACL?
b.    Record the statement that denies access from PC1 to Server1, only for HTTP (port 80).

c.     Record the statement that denies access from PC1 to Server1, only for HTTPS (port 443).

d.    Record the statement that denies access from PC1 to Server2, only for HTTP.

e.     Record the statement that denies access from PC1 to Server2, only for HTTPS.

Step 2:     Deny PC2 to access FTP services on Server1 and Server2.

a.     Record the statement that denies access from PC2 to Server1, only for FTP (port 21 only).

b.    Record the statement that denies access from PC2 to Server2, only for FTP (port 21 only).

Step 3:     Deny PC3 to ping Server1 and Server2.

a.     Record the statement that denies ICMP access from PC3 to Server1.

b.    Record the statement that denies ICMP access from PC3 to Server2.

Step 4:     Permit all other IP traffic.

By default, an access list denies all traffic that does not match any rule in the list. What command permits all other traffic?

Part 2:     Apply and Verify the Extended ACL
The traffic to be filtered is coming from the 172.31.1.96/27 network and is destined for remote networks. Appropriate ACL placement also depends on the relationship of the traffic with respect to RT1.

Step 1:     Apply the ACL to the correct interface and in the correct direction.

a.     What are the commands you need to apply the ACL to the correct interface and in the correct direction?

Step 2:     Test access for each PC.

a.     Access the websites of Server1 and Server2 using the Web Browser of PC1 and using both HTTP and HTTPS protocols.

b.    Access FTP of Server1 and Server2 using PC1. The username and password is “cisco”.

c.     Ping Server1 and Server2 from PC1.

d.    Repeat Step 2a to Step 2c with PC2 and PC3 to verify proper access list operation.



 Configuration RTA:

enable
configure terminal
ip access-list extended ACL
    10 deny tcp host 172.31.1.101 host 64.101.255.254 eq www
    20 deny tcp host 172.31.1.101 host 64.103.255.254 eq www
    30 deny tcp host 172.31.1.101 host 64.101.255.254 eq 443
    40 deny tcp host 172.31.1.101 host 64.103.255.254 eq 443
    50 deny tcp host 172.31.1.102 host 64.101.255.254 eq ftp
    60 deny tcp host 172.31.1.102 host 64.103.255.254 eq ftp
    70 deny icmp host 172.31.1.103 host 64.101.255.254
    80 deny icmp host 172.31.1.103 host 64.103.255.254
    90 permit ip any any
interface g0/0
 ip access-group ACL in
 end
write memory
!

END !~!





Nhận xét

Đăng nhận xét

Bài đăng phổ biến từ blog này

[CCNAv6 S2] 2.2.2.4 Packet Tracer - Configuring IPv4 Static and Default Routes

Hình ảnh
Packet Tracer - Configuring IPv4 Static and Default Routes Addressing Table Objectives Part 1: Examine the Network and Evaluate the Need for Static Routing Part 2: Configure Static and Default Routes Part 3: Verify Connectivity Background In this activity, you will configure static and default routes. A static route is a route that is entered manually by the network administrator to create a reliable and safe route. There are four different static routes that are used in this activity: a recursive static route, a directly attached static route, a fully specified static route, and a default route. Part 1:     Examine the Network and Evaluate the Need for Static Routing a.     Looking at the topology diagram, how many networks are there in total? b.    How many networks are directly connected to R1, R2, and R3? c.     How many static routes are required by each router to reach networks that are not directly ...
Đọc thêm

[CCNAv6 S2] 8.3.1.2 Packet Tracer - Skills Integration Challenge

Hình ảnh
Packet Tracer – Skills Integration Challenge Addressing Table VLAN Port Assignments and DHCP Information Scenario In this culminating activity, you will configure VLANs, trunks, DHCP Server, DHCP relay agents, and configure a router as a DHCP client. Requirements Using the information in the tables above, implement the following requirements: ·         Create VLANs on S2 and assign VLANs to appropriate ports. Names are case-sensitive ·         Configure S2 ports for trunking. ·         Configure all non-trunk ports on S2 as access ports. ·         Configure R1 to route between VLANs. Subinterface names should match the VLAN number. ·         Configure R1 to act as a DHCP server for the VLANs attached to S2. -       Create a DHCP pool for each VLAN. Names are case-sensitive. -       Assign the ap...
Đọc thêm

[CCNAv6 S3] 7.2.3.5 Packet Tracer - Troubleshooting EIGRP for IPv4

Hình ảnh
Packet Tracer – Troubleshooting EIGRP for IPv4 Addressing Table Scenario In this activity, you will troubleshoot EIGRP neighbor issues. Use show commands to identify errors in the network configuration. Then, you will document the errors you discover and implement an appropriate solution. Finally, you will verify full end-to-end connectivity is restored. Troubleshooting Process 1.     Use testing commands to discover connectivity problems in the network and document the problem in the Documentation Table. 2.     Use verification commands to discover the source of the problem and devise an appropriate solution to implement. Document the proposed solution in the Documentation Table. 3.     Implement each solution one at a time and verify if the problem is resolved. Indicate the resolution status in the Documentation Table. 4.     If the problem is not resolved, it may be necessary to first remove the implemented solution befor...
Đọc thêm