Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Lab 10 Access List

    Încărcat de

    anurag sawarn
    59 vizualizări4 pagini
    The document describes a lab experiment on implementing access lists. The objectives are to familiarize students with standard, extended, and named access lists, and to apply them in a network topology to achieve specific access policies. These include: denying PC1 access to a server, denying PC2 access to another server's web interface, allowing a network monitoring system to access a server's SNMP service, and permitting all other traffic. The solutions provide the configuration steps to implement these access lists on routers to filter traffic as intended.

    Descriere originală:

    iddhiefheifh

    Titlu original

    15761_Lab 10 Access List

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    The document describes a lab experiment on implementing access lists. The objectives are to familiarize students with standard, extended, and named access lists, and to apply them in a network topology to achieve specific access policies. These include: denying PC1 access to a server, denying PC2 access to another server's web interface, allowing a network monitoring system to access a server's SNMP service, and permitting all other traffic. The solutions provide the configuration steps to implement these access lists on routers to filter traffic as intended.

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    59 vizualizări4 pagini

    Lab 10 Access List

    Încărcat de

    anurag sawarn
    The document describes a lab experiment on implementing access lists. The objectives are to familiarize students with standard, extended, and named access lists, and to apply them in a network topology to achieve specific access policies. These include: denying PC1 access to a server, denying PC2 access to another server's web interface, allowing a network monitoring system to access a server's SNMP service, and permitting all other traffic. The solutions provide the configuration steps to implement these access lists on routers to filter traffic as intended.

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 4

    INT507: NETWORK ADMINISTRATION LABORATORY

    Lab 10: Access List

    AIM: Access Lists (Applying standard, named and Extended Access lists)

    AIM:

    Description of various Access Lists and their Implementation


    Setting up LAB for applying Access List
    --------------------------------------------------------------------------------------------------------------

    1. Familiar your-self with the types of Routing protocol


    a. Standard Access List,
    b. Extended Access List
    c. Name

    2. Implement STANDATD Access List S the user PC1- (192.168.5.2) should be prevented from
    accessing the Server0- (192.168.1.1).

    3. Implement standard ACLs to deny the access of PC2 to Server A.

    4. Implement extended ACLs to achieve the following security policies:

    Chandra Prakash, LPU Page 1


    INT507: NETWORK ADMINISTRATION LABORATORY
    Lab 10: Access List

    i) Deny PC2 access to ServerAs web server.


    ii) Deny PC1 access to hosts on RT2 Ethernet.
    iii) Allow PC3, a NMS, access to ServerAs SNMP service.
    iv) All other combinations are allowed.

    Solutions

    Chandra Prakash, LPU Page 2


    INT507: NETWORK ADMINISTRATION LABORATORY
    Lab 10: Access List

    Solution 2:

    Router>enable
    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#interface FastEthernet0/0
    Router(config-if)#ip address 192.168.1.2 255.255.255.0
    Router(config-if)#no shutdown
    %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
    Router(config-if)#exit
    Router(config)#interface FastEthernet1/0
    Router(config-if)#ip address 192.168.2.1 255.255.255.0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#interface Serial2/0
    Router(config-if)#clock rate 64000
    Router(config-if)#ip address 192.168.3.1 255.255.255.0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#router rip
    Router(config-router)#network 192.168.2.0
    Router(config-router)#network 192.168.3.0
    Router(config-router)#network 192.168.1.0
    Router(config)#ACCESS ?
    <1-99> IP standard access list
    <100-199> IP extended access list
    Router(config)#ACCESS-list 1 deny host 192.168.5.2
    Router(config)#access-list 1 permit any
    Router(config)#int fa0/0
    Router(config-if)#ip access-group 1 out
    Router(config-if)#do write
    Building configuration...

    Chandra Prakash, LPU Page 3


    INT507: NETWORK ADMINISTRATION LABORATORY
    Lab 10: Access List

    [OK]

    Solution 3:

    Standard ACLs should be placed as near to the destination as possible, as standard ACLs often
    discard packets that are allowed to forward (or pass) when they are placed close to the source.
    Ex: If an inbound ACL is placed on RT2s Fa1/0, PC2 will never go further than RT2! Hence the
    best place to deploy the ACL is on RT3s Fa1/0 with an outbound standard ACL.
    Another reason is security loopholes might exist when a link between routers fails packets that
    pass through another new path might no longer be passing through the ACL-secured interface.

    Standard IP Access Lists configuration on RT3:

    Chandra Prakash, LPU Page 4

    S-ar putea să vă placă și