Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd Logo
Upload

Welcome to Scribd!

  • 136 views

    Lab Test 2 Report Muhammad Faiz Bin Zakariah

    Uploaded by

    Muizz Zainol
    This lab focused on configuring access control lists (ACLs) on routers to control network access and traffic flow. Standard and extended ACLs were configured on routers R1, R2, and R3 to permit or deny traffic based on IP addresses. The results showed that PC1 could telnet to R1 as allowed, and PC2 could telnet to R3, while ACLs on R2 correctly denied telnet access to R1 and R3. Additionally, ping tests between PC1 and PC2 failed as expected due to the ACL configuration on R2 blocking traffic between the LANs. The lab helped demonstrate how to properly configure ACLs on Cisco routers to filter network traffic according to specific criteria.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Lab Test 2 Report Muhammad Faiz Bin Zakariah

    Uploaded by

    Muizz Zainol
    136 views4 pages
    This lab focused on configuring access control lists (ACLs) on routers to control network access and traffic flow. Standard and extended ACLs were configured on routers R1, R2, and R3 to permit or deny traffic based on IP addresses. The results showed that PC1 could telnet to R1 as allowed, and PC2 could telnet to R3, while ACLs on R2 correctly denied telnet access to R1 and R3. Additionally, ping tests between PC1 and PC2 failed as expected due to the ACL configuration on R2 blocking traffic between the LANs. The lab helped demonstrate how to properly configure ACLs on Cisco routers to filter network traffic according to specific criteria.

    Original Description:

    acl

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This lab focused on configuring access control lists (ACLs) on routers to control network access and traffic flow. Standard and extended ACLs were configured on routers R1, R2, and R3 to permit or deny traffic based on IP addresses. The results showed that PC1 could telnet to R1 as allowed, and PC2 could telnet to R3, while ACLs on R2 correctly denied telnet access to R1 and R3. Additionally, ping tests between PC1 and PC2 failed as expected due to the ACL configuration on R2 blocking traffic between the LANs. The lab helped demonstrate how to properly configure ACLs on Cisco routers to filter network traffic according to specific criteria.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    136 views4 pages

    Lab Test 2 Report Muhammad Faiz Bin Zakariah

    Uploaded by

    Muizz Zainol
    This lab focused on configuring access control lists (ACLs) on routers to control network access and traffic flow. Standard and extended ACLs were configured on routers R1, R2, and R3 to permit or deny traffic based on IP addresses. The results showed that PC1 could telnet to R1 as allowed, and PC2 could telnet to R3, while ACLs on R2 correctly denied telnet access to R1 and R3. Additionally, ping tests between PC1 and PC2 failed as expected due to the ACL configuration on R2 blocking traffic between the LANs. The lab helped demonstrate how to properly configure ACLs on Cisco routers to filter network traffic according to specific criteria.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 4
    At a glance
    Powered by AI
    This lab demonstrates how to configure standard and extended ACLs on routers to control network access and filter traffic. It shows how ACLs can be used to permit or deny connections from certain IP addresses.

    This lab demonstrates configuring ACLs on three routers to control network access between different subnets. Standard ACLs were used on R1 and R3 to permit connections from directly connected subnets, while an extended ACL on R2 was used to deny traffic between R1 and R3.

    Standard ACLs filter based on source IP addresses only, while extended ACLs can filter based on additional criteria like protocol, source/destination ports. Standard ACLs use numbers 1-99/1300-1999 while extended ACLs use 100-199/2000-2699.

    Lab Test 2: Access Control Lists

    Muhammad Faiz Bin Zakariah

    Universiti Kuala Lumpur British Malaysian Institute (UniKL-BMI), Batu 8, Sungai Pusu, 53100 Kuala
    Lumpur.

    faiz_zack12@yahoo.com

    Abstract This Lab presents the overview of type, source or destination IP address, source or
    configuring a network by using Access Control destination of TCP or UDP ports. Both ACLs types
    Lists for network connectivity. This includes can be Numbered or Named. In table below
    about how to configure standard ACLs, shows what numbers are used for both IP ACLs
    configure extended ACLs and how to verify ACLs types.
    by using packet tracer. Through this lab, the
    Standard
    simulation of the network connectivity is 1 to 99 1300 to 1999
    ACLs
    presented and the results of all part in this lab
    Extended
    was successfully obtained. 100 to 199 2000 to 2699
    ACLs
    I. INTRODUCTION Table 1: Numbers Used by ACLs

    Access Control Lists are used to control traffic II. DISCUSSION


    into and out of your network based on given In this lab test, a network needed to be
    criteria. ACL consists of a sequence of permit or configured. By using Cisco Packet Tracer, the
    deny statements that apply to network layer or simulation of the network was conducted and
    upper layer protocols. Most often Access Control the network design is as shown as shown in a
    Lists are used for security reasons to filter traffic. figure below:
    Access lists are applied per interface as inbound
    ACL and outbound ACL. Inbound ACL where
    packets are processed before they are routed
    while outbound ACL where packets are routed to
    outbound interface and then processed by ACL.

    ACLs do not also act on packets that were


    originated from the router itself. At the end of
    every access list is an implicit deny any
    statement. Therefore, if a packet doesnt match
    any of the ACL statements, it is automatically
    denied or dropped.

    In ACLs, there can be of two types which are


    standard and extended. Standard ACLs enable
    you to permit or deny traffic from source IP
    addresses. The destination of the packet and the
    port doesnt matter. But in extended ACLs, there
    are more advanced and IP packets are filtered Figure 1: Network Design
    based on several criteria, for example, protocol
    For task 1 in this lab test, all devices need to be
    configured such as configure the router
    hostname, IP address, and also password for an
    encrypted privileged EXEC, console and VTY lines Figure 3: Command for VTY Lines
    for each of the routers. After that, a message
    banner need to be configured as well. This As shown in a figure above, this was the
    message will pop-up when router is started. This command applied to R1 and R3 vty virtual
    is also known as the basic configuration for all interfaces.
    routers. In this configuration, OSPF is used with
    For task 3, only router 2 or R2 need to be
    process ID 1 on all routers for all networks in configured with ACLs. However, on R2 extended
    order to connect all IP connectivity successfully
    named ACLs were used. The name that was given
    by using the Ping command.
    as stated in the lab sheet is block.
    Next, for task 2, router 1 or R1 and router 3 or R3
    must be configured with standard ACLs. The
    standard ACLs have been configured with
    standard name ACLs configuration which have
    been applied on the R1 and R3 vty lines. The ACLs
    have to permit hosts connected directly to their Figure 4: Command to Configure Extended
    Fast Ethernet subnets to gain Telnet access and Named ACLs
    explicitly deny all other connection attempts. All
    of the standard ACLs that have been configured The above figure shows the command that was
    need to be named with VTY-Local and applied to used to configure extended named ACLs. In
    all telnet lines. extended ACLs, there must be IP addresses of
    source and destination to be compared to in
    order to deny certain IP addresses from access
    into router. From the above figure, Telnet
    packets with those IP addresses will be dropped
    as they are trying to travel through R2.

    Figure 2: Command to Configure Standard


    Named ACLs

    The above figure shows that the command that Figure 5: Apply an Extended ACL to an Interface
    was used to create or configure named ACLs The figure above shows the command that was
    which only permitting hosts that had connected used to apply an extended ACL to an interface.
    directly to their Fast Ethernet which for R1 This command will take all access list lines that
    10.1.1.0 and for R3 10.3.1.0 followed by their are defined as being part of group block and
    wildcard mask. After that, all other hosts were applies them in an inbound manner. Packet that
    unable or not be allowed to gain Telnet access to are going out Serial0/0/0 and Serial0/0/1 will be
    R1 and R3 excepts for their Fast Ethernet. checked.
    III. RESULTS & ANALYSIS

    After all the devices in the network was


    configured. The ACLs need to be verified by using
    Telnet command.

    Figure 8: Denied Telnet to R1 and R3

    Figure 9: Denied Telnet from R1 to R3

    From the 2 above figures, it shows that the R2


    successfully denied telnet access to R1 and R3.
    Figure 6: Telnet from PC1 to R1
    This means the ACLs on R2 have been configured
    From the lab sheet, PC1 should be able to telnet correctly as the results are as stated by the lab
    R1. Therefore, this is the right result as stated in sheet.
    the lab sheet for the telnet from PC1 to R1.

    Figure 10: Failed Ping Between PC1 and PC2

    The above figure shows that the ping between


    Figure 7: Telnet from PC2 to R3 PC1 and PC2 was failed. This is due to R2 ACL
    configuration. On R2, the ACL have been
    From the lab sheet, PC2 should also be able to configured to block or denied traffic from R1 LAN
    telnet R3. As the results shown above, the from reaching the R3 LAN. This is why PC1 cannot
    correct result have been obtained as the lab ping PC2. The connection has been denied by R2.
    sheet wanted. So the result from the above figure is correct as
    the lab sheet stated that pings between PC1 and
    PC2 should be fail.
    IV. CONCLUSION 5. How to Configure Cisco Extended
    Named Access Control List in Router.
    As the conclusion, this lab has thought me on
    (2014, July 13). Retrieved May 24, 2017,
    how to be able to configure the Access Control
    from
    Lists (ACLs) correctly by using a Packet Tracer
    http://www.smartpctricks.com/2014/0
    Software. This lab also helps me to differentiate
    7/cisco-extended-named-acl.html
    on how to block a certain or any IP addresses
    from enter our network. As the results, all of
    them were obtained as the lab sheet asked for.
    However, before the correct result can be
    obtained. There are some difficulties that must
    be faced. For instance, the ACL at VTY-Local did
    not successful configured. After a few
    troubleshooting has been done. Finally, the ACL
    can be configured. From this kind of difficulties
    helps me to understand more about ACL.

    Lastly, it is important to know and learn about


    ACL so that a network can be protected from any
    attacks or cybercrime such as ransomware and
    others.

    REFERENCES

    1. What is access control list (ACL)? -


    Definition from WhatIs.com. (n.d.).
    Retrieved May 24, 2017, from
    http://searchsoftwarequality.techtarget
    .com/definition/access-control-list
    2. Creating Standard Access Control Lists
    (ACLs). (n.d.). Retrieved May 24, 2017,
    from
    http://www.dummies.com/programmi
    ng/networking/cisco/creating-standard-
    access-control-lists-acls/
    3. Extended Access Control Lists (ACLs).
    (n.d.). Retrieved May 24, 2017, from
    http://www.dummies.com/programmi
    ng/networking/cisco/extended-access-
    control-lists-acls/
    4. A. (2011, May 28). How to configure a
    Named Extended Access List on a Cisco
    Router. Retrieved May 24, 2017, from
    http://www.youtube.com/watch?v=qW
    oUPIRlrMM

    You might also like