[CCNAv6 S4] 4.4.2.9 Packet Tracer - Troubleshooting IPv4 ACLs




Packet Tracer - Troubleshooting IPv4 ACLs
Addressing Table


Objectives

Part 1: Troubleshoot ACL Issue 1

Part 2: Troubleshoot ACL Issue 2

Part 3: Troubleshoot ACL Issue 3

Scenario

This network is meant to have the following three policies implemented:

·        Hosts from the 192.168.0.0/24 network are unable to access any TCP service of Server3.
·        Hosts from the 10.0.0.0/8 network are unable to access the HTTP service of Server1.
·        Hosts from the 172.16.0.0/16 network are unable to access the FTP service of Server2.
Note: All FTP usernames and passwords are “cisco”.

No other restrictions should be in place. Unfortunately, the rules that have been implemented are not working correctly. Your task is to find and fix the errors related to the access lists on R1.

Part 1:      Troubleshoot ACL Issue 1
Hosts from the 192.168.0.0/24 network are intentionally unable to access any TCP service of Server3, but should not be otherwise restricted.

Step 1:      Determine the ACL problem.

As you perform the following tasks, compare the results to what you would expect from the ACL.

a.      Using L2, attempt to access FTP and HTTP services of Server1, Server2, and Server3.

b.      Using L2, ping Server1, Server2, and Server3.

c.      Using L2, ping G0/2 of R1.

d.      View the running configuration on R1. Examine access list 192_to_10 and its placement on the interfaces. Is the access list placed on the correct interface and in the correct direction? Is there any statement in the list that permits or denies traffic to other networks? Are the statements in the correct order?

e.      Perform other tests, as necessary.

Step 2:      Implement a solution.

Make an adjustment to access list 192_to_10 to fix the problem.

Step 3:      Verify that the problem is resolved and document the solution.

If the problem is resolved, document the solution: otherwise return to Step 1.

Part 2:      Troubleshoot ACL Issue 2
Hosts from the 10.0.0.0/8 network are intentionally unable to access the HTTP service of Server1, but should not be otherwise restricted.

Step 1:      Determine the ACL problem.

As you perform the following tasks, compare the results to what you would expect from the ACL.

a.      Using L3, attempt to access FTP and HTTP services of Server1, Server2, and Server3.

b.      Using L3, ping Server1, Server2, and Server3.

c.      View the running configuration on R1. Examine access list 10_to_172 and its placement on the interfaces. Is the access list placed on the correct interface and in the correct direction? Is there any statement in the list that permits or denies traffic to other networks? Are the statements in the correct order?

d.      Run other tests as necessary.

Step 2:      Implement a solution.

Make an adjustment to access list 10_to_172 to fix the problem.

Step 3:      Verify the problem is resolved and document the solution.

If the problem is resolved, document the solution; otherwise return to Step 1.

Part 3:      Troubleshoot ACL Issue 3
Hosts from the 172.16.0.0/16 network are intentionally unable to access the FTP service of Server2, but should not be otherwise restricted.

Step 1:      Determine the ACL problem.

As you perform the following tasks, compare the results to the expectations of the ACL.

a.      Using L1, attempt to access FTP and HTTP services of Server1, Server2, and Server3.

b.      Using L1, ping Server1, Server2, and Server3.

c.      View the running configuration on R1. Examine access list 172_to_192 and its placement on the interfaces. Is the access list placed on the correct port in the correct direction? Is there any statement in the list that permits or denies traffic to other networks? Are the statements in the correct order?

d.      Run other tests as necessary.

Step 2:      Implement a solution.

Make an adjustment to access list 172_to_192 to fix the problem.

Step 3:      Verify the problem is resolved and document the solution.

If the problem is resolved, document the solution; otherwise return to Step 1.



 Configuration R1:

enable
configure terminal
ip access-list extended 192_to_10
 permit ip any any
ip access-list extended 172_to_192
 no 10
 30 permit ip any any
interface g0/0
 no ip access-group 10_to_172 out
 ip access-group 10_to_172 in
 end
write memory
!

END !~!



Nhận xét

Đăng nhận xét

Bài đăng phổ biến từ blog này

[CCNAv6 S4] 8.2.4.14 Packet Tracer - Troubleshooting Enterprise Networks 3

Hình ảnh
Packet Tracer – Troubleshooting Enterprise Networks 3 Addressing Table Background This activity uses a variety of technologies you have encountered during your CCNA studies, including routing, port security, EtherChannel, DHCP, NAT, PPP, and Frame Relay. Your task is to review the requirements, isolate and resolve any issues, and then document the steps you took to verify the requirements. Note: This activity begins with a partial score. Requirements DHCP ·         R1 is the DHCP server for the R1 LAN. Switching Technologies ·         Port security is configured to only allow PC1 to access S1's F0/3 interface. All violations should disable the interface. ·         Link aggregation using EtherChannel is configured on S2, S3, and S4. Routing ·         All routers are configured with OSPF process ID 1 and no routing updates should be sent across interfaces that do n...
Đọc thêm

[CCNAv6 S2] 2.2.2.4 Packet Tracer - Configuring IPv4 Static and Default Routes

Hình ảnh
Packet Tracer - Configuring IPv4 Static and Default Routes Addressing Table Objectives Part 1: Examine the Network and Evaluate the Need for Static Routing Part 2: Configure Static and Default Routes Part 3: Verify Connectivity Background In this activity, you will configure static and default routes. A static route is a route that is entered manually by the network administrator to create a reliable and safe route. There are four different static routes that are used in this activity: a recursive static route, a directly attached static route, a fully specified static route, and a default route. Part 1:     Examine the Network and Evaluate the Need for Static Routing a.     Looking at the topology diagram, how many networks are there in total? b.    How many networks are directly connected to R1, R2, and R3? c.     How many static routes are required by each router to reach networks that are not directly ...
Đọc thêm

[CCNAv6 S2] 7.3.2.4 Packet Tracer - Troubleshooting Standard IPv4 ACLs

Hình ảnh
Packet Tracer – Troubleshooting Standard IPv4 ACLs Addressing Table Objectives Part 1: Troubleshoot ACL Issue 1 Part 2: Troubleshoot ACL Issue 2 Part 3: Troubleshoot ACL Issue 3 Scenario This network is meant to have the following three policies implemented: ·         Hosts from the 192.168.0.0/24 network are unable to access network 10.0.0.0/8. ·         L3 can’t access any devices in network 192.168.0.0/24. ·         L3 can’t access Server1 or Server2. L3 should only access Server3. ·         Hosts from the 172.16.0.0/16 network have full access to Server1, Server2 and Server3. Note: All FTP usernames and passwords are “cisco”. No other restrictions should be in place. Unfortunately, the rules that have been implemented are not working correctly. Your task is to find and fix the errors related to the access lists on R1. Part 1:     Troublesh...
Đọc thêm