CCNA Certification Access List Control ACL-5 Lab Simulation

The document describes a lab simulation to configure an access control list (ACL) to meet the following requirements: - Host C can access the Finance Web Server for HTTP only. - All other access from Host C to the Finance Web Server is blocked. - All access from the Core or local LAN to the Finance Web Server is blocked. - All hosts in the Core and local LAN can access the Public Web Server. The solution is to create an ACL with 3 statements - allow HTTP from Host C to the Finance server, deny all other access to the Finance server, and allow all access to the Public server. This ACL is applied outbound on the interface connecting to the servers.

Uploaded by

ergu vfuko fghui

CCNA Certification – Access List Control (ACL-5) Lab Simulation
itexamanswers.net/ccna-certification-access-list-control-acl-5-lab-simulation.html

March 12, 2017

Lab Simulation Question – ACL-5


A corporation wants to add security to its network. The requirements are:
– Host C should be able to use a web browser (HTTP) to access the Finance Web Server.
– Other types of access from host C to the Finance Web Server should be blocked.
– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.
– All hosts in the Core and on local LAN should be able to access the Public Web Server.
You have been tasked to create and apply a numbered access list to a single outbound interface.
This access list can contain no more than three statements that meet these requirements.
Access to the router CLI can be gained by clicking on the appropriate host.
– All passwords have been temporarily set to “cisco”.
– The Core connection uses an IP address of 198.18.209.65.
– The computers in the Hosts LAN have been assigned addresses of 192.168.78.1 – 192.168.78.254.
– host A 192.168.78.1
– host B 192.168.78.2
– host C 192.168.78.3
– host D 192.168.78.4
– The Finance Web Server has been assigned an address of 172.22.146.17.
– The Public Web Server in the Server LAN has been assigned an address of 172.22.146.18.

Answer:
Detailed steps are given in the explanation below.
We should create an access list and apply it to the interface connected to the Server LAN, because there it can filter traffic from both the S2 and Core networks. To see which interface this is, use the “show ip int brief” command:

From this, we know that the servers are located on the fa0/1 interface, so we will place our numbered access list here in the outbound direction.

Corp1#configure terminal

Our access list needs to allow host C (192.168.125.3) to reach the Finance Web Server (172.22.109.17) via HTTP (port 80), so our first line is this:

Corp1(config)#access-list 100 permit tcp host 192.168.125.3 host 172.22.109.17 eq 80

Then, our next two instructions are these:
– Other types of access from host C to the Finance Web Server should be blocked.
– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.
Both can be accomplished with one command (necessary because our ACL can be no more than 3 lines long) that blocks all other access to the Finance Web Server:

Corp1(config)#access-list 100 deny ip any host 172.22.109.17

Our last instruction is to allow all hosts in the Core and on the local LAN to access the Public Web Server (172.22.109.18):

Corp1(config)#access-list 100 permit ip any host 172.22.109.18

Finally, apply this access list to the Fa0/1 interface (outbound direction):

Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access list to the Fa0/1 interface (not the Fa0/0 interface) so that it can filter traffic coming from both the LAN and the Core networks.
To verify, click on host C to open its web browser. In the address box, type http://172.22.109.17 to check whether you are allowed to access the Finance Web Server. If your configuration is correct, you can access it.
Click on the other hosts (A, B and D) and check that you can’t access the Finance Web Server from them. Then repeat to make sure they can reach the Public Web Server at 172.22.109.18.
Finally, save the configuration:

Corp1(config-if)#end
Corp1#copy running-config startup-config
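
The verification step above can also be checked offline. The following is an added example, not part of the original lab: a small first-match evaluator for the three statements of access list 100, using the addresses from the answer section. The host A address, the third server address 172.22.109.19 and all function names are assumptions made for illustration.

```python
import ipaddress

# The three statements from the answer above, minus the CLI prompt.
ACL_100 = [
    "access-list 100 permit tcp host 192.168.125.3 host 172.22.109.17 eq 80",
    "access-list 100 deny ip any host 172.22.109.17",
    "access-list 100 permit ip any host 172.22.109.18",
]
FINANCE, PUBLIC, HOST_C = "172.22.109.17", "172.22.109.18", "192.168.125.3"
HOST_A = "192.168.125.1"   # assumed: host A renumbered like host C in the answer
CORE = "198.18.209.65"     # Core address from the question

def _take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D' and return it as a network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {word}")

def parse_ace(line):
    """Parse one extended-ACL entry (only the forms used on this page)."""
    tokens = line.split()[2:]                 # drop 'access-list 100'
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = _take_addr(tokens), _take_addr(tokens)
    port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl_lines, proto, src, dst, dport=None):
    """First matching entry decides; no match falls to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, a_proto, a_src, a_dst, a_port in map(parse_ace, acl_lines):
        if a_proto not in ("ip", proto):
            continue                          # 'ip' matches every protocol
        if src not in a_src or dst not in a_dst:
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"                             # implicit 'deny ip any any'

if __name__ == "__main__":
    # Constructed sample flows; 172.22.109.19 is a made-up third server address.
    flows = [("tcp", HOST_C, FINANCE, 80), ("tcp", HOST_C, FINANCE, 443),
             ("tcp", HOST_A, FINANCE, 80), ("tcp", CORE, FINANCE, 80),
             ("icmp", CORE, PUBLIC, None), ("tcp", HOST_A, "172.22.109.19", 80)]
    for flow in flows:
        print(flow, "->", evaluate(ACL_100, *flow))
```

The last sample flow is dropped by the implicit deny at the end of the list, and swapping the first two statements would block host C's HTTP access because the deny would match first.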
