AIM: Access Lists (Applying standard, named and Extended Access lists)
AIM:
2. Implement a standard access list so that the user PC1 (192.168.5.2) is prevented from
accessing Server0 (192.168.1.1).
Solutions
Solution 2:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.1.2 255.255.255.0
Router(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#exit
Router(config)#interface FastEthernet1/0
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface Serial2/0
Router(config-if)#clock rate 64000
Router(config-if)#ip address 192.168.3.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#router rip
Router(config-router)#network 192.168.2.0
Router(config-router)#network 192.168.3.0
Router(config-router)#network 192.168.1.0
Router(config-router)#exit
Router(config)#ACCESS ?
<1-99> IP standard access list
<100-199> IP extended access list
Router(config)#ACCESS-list 1 deny host 192.168.5.2
Router(config)#access-list 1 permit any
Router(config)#int fa0/0
Router(config-if)#ip access-group 1 out
Router(config-if)#do write
Building configuration...
[OK]
Solution 3:
Standard ACLs should be placed as near to the destination as possible. A standard ACL matches
only on the source address, so when it is placed close to the source it often discards packets
that should be allowed to pass.
Ex: If an inbound ACL is placed on RT2's Fa1/0, PC2 will never get any further than RT2! Hence
the best place to deploy the ACL is on RT3's Fa1/0, as an outbound standard ACL.
Another reason is that security loopholes might exist when a link between routers fails: packets
that take a new path might no longer pass through the ACL-secured interface.
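
The following Python model is an added example, not part of the original lab. It evaluates ACL 1 from Solution 2 and shows the placement effect described in Solution 3. The hosts 192.168.2.10 and 192.168.5.3 and the "near_source" placement are assumptions made for illustration.

```python
import ipaddress

# ACL 1 from the session above, as (action, source, wildcard mask).
ACL_1 = [
    ("deny", "192.168.5.2", "0.0.0.0"),        # deny host 192.168.5.2
    ("permit", "0.0.0.0", "255.255.255.255"),  # permit any
]
SERVER_LAN = ipaddress.ip_network("192.168.1.0/24")  # behind Fa0/0


def acl_permits(acl, src):
    """Standard ACL: only the source is examined, first match wins."""
    s = int(ipaddress.IPv4Address(src))
    for action, base, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.IPv4Address(base)) & care):
            return action == "permit"
    return False  # implicit "deny any" that ends every ACL


def delivered(src, dst, acl, placement):
    """Does a packet get through, given where the ACL is applied?

    near_destination: outbound on Fa0/0, so only packets leaving
        towards 192.168.1.0/24 are checked (the session above).
    near_source: inbound on the interface facing the sender's LAN
        (assumed placement), so every packet from it is checked.
    """
    if placement == "near_destination":
        checked = ipaddress.ip_address(dst) in SERVER_LAN
    elif placement == "near_source":
        checked = True
    else:
        raise ValueError(placement)
    return acl_permits(acl, src) if checked else True


if __name__ == "__main__":
    flows = [  # 192.168.2.10 and 192.168.5.3 are constructed sample hosts
        ("192.168.5.2", "192.168.1.1"),   # PC1 -> Server0
        ("192.168.5.2", "192.168.2.10"),  # PC1 -> host on another LAN
        ("192.168.5.3", "192.168.1.1"),   # PC1's neighbour -> Server0
    ]
    for src, dst in flows:
        for place in ("near_destination", "near_source"):
            ok = delivered(src, dst, ACL_1, place)
            print(f"{src} -> {dst} [{place}]: {'pass' if ok else 'drop'}")
```

With the ACL near the destination only PC1's traffic to the server LAN is dropped; near the source, PC1 loses every destination because the ACL cannot see where the packet is going.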