Scribd Logo
Upload

Welcome to Scribd!

  • ACL Lab-1 2013-3

    Uploaded by

    Marcelo Saraiva
    29 views2 pages
    __ACL_Lab-1_2013-3

    Original Title

    __ACL_Lab-1_2013-3

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    __ACL_Lab-1_2013-3

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    29 views2 pages

    ACL Lab-1 2013-3

    Uploaded by

    Marcelo Saraiva
    __ACL_Lab-1_2013-3

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    ACL-1

    Name:

    Date:

    CCNA - 4

    Prof. CHIN
    H:\__Course_Materials\Class_Cisco\_Sem-2\ACL_Lab-1_2013-2.docx

    ACLLab1

    X=Switch#

    HQXSwitch:______________

    DMZXRouter

    DMZXRouter:______________

    Loopback0

    192.168.255.X

    /32

    FastEthernet0/0

    192.168.0.X

    /24

    FastEthernet0/1
    TrunkMode
    Dot1q
    Encapsulation

    No IP Address

    FastEthernet0/1.99NATIVEVLAN

    192.168._X_.1

    /28

    FastEthernet0/1.XSERVERVLAN

    192.168._X_.17

    /28

    FastEthernet0/1.100+XSTAFFVLAN

    192.168._X_.33

    /27

    FastEthernet0/1.200+XSALESVLAN

    192.168._X_.65

    /26

    192.168._X_.2

    /28

    HQXSwitch

    VLAN99NativeVLAN(Trunk)

    YourPC

    NICCardSTAFFVLAN

    TFTPServer

    NICCardS1CENTRALSwitch

    192.168.X.40

    NETWORK

    192.168.0.200

    VLAN

    Name

    Access Ports

    SERVERS

    192.168.X.16

    /28

    FA 0/5 9

    100+X

    STAFF

    192.168.X.32

    /27

    FA 0/10 20

    200+X

    SALES

    192.168.X.64

    /26

    FA 0/21 24

    99

    NATIVE

    192.168.X.0

    /28

    /27

    Trunk Ports

    FA 0/1-4; GIG 0/1-2

    CONFIGURATIONS:

    1. DMZXRouter:
    a. Configurestandardsettings,withTelnetandSSH:usernameadmin,passwordcisco
    b. OnS1Central,DMZsFAST0/0IPAddress:192.168.0.X/24
    c. OnS1Central,ISPsIPAddress:192.168.0.254/24
    d. FAST0/1connectstoHQSwitchonaTrunkPort(802.1qEncapsulation)
    e. FAST0/1.99isNativeandManagementVLANwithIPAddress:192.168.X.1/28
    f. DMZRouterhasfirstHostIPAddressforeveryVLANsinyourNetwork(seeTABLE)
    g. TheISPisthedefaultroute:iproute0.0.0.00.0.0.0FAST0/0192.168.0.254
    h. ConfigureOSPFinArea0andpropagatethedefaultroute

    ConfigureStandardACLonDMZtofilterinboundpacketsfromS1Central:

    DMZ(config)# access-list 2 deny


    DMZ(config)# access-list 2 permit
    DMZ(config)# access-list 2 permit
    DMZ(config)# access-list 2 deny
    DMZ(config)# access-list 2 permit
    DMZ(config)# interface FAST 0/0
    DMZ(config-if)# ip access-group 2

    134.196.0.0
    0.0.255.255
    192.168.0.0
    0.0.0.255
    192.168.Partner-X.0 0.0.0.255
    192.168.0.0
    0.0.255.255
    any
    in

    ConfigureExtendedACLonDMZtofilterinboundpacketsfromVLANs:
    DMZ(config)# access-list 100 deny
    DMZ(config)# access-list 100 permit
    DMZ(config)# access-list 100 permit
    DMZ(config)# access-list 100 deny
    DMZ(config)# access-list 100 deny
    DMZ(config)# access-list 100 deny
    DMZ(config)# access-list 100 deny
    DMZ(config)# access-list 100 permit
    DMZ(config)# interface FAST 0/1
    DMZ(config-if)# ip access-group 100

    i.

    tcp
    tcp
    tcp
    icmp
    tcp
    tcp
    udp
    ip

    192.168.X.40 0.0.0.255 any eq 22


    192.168.X.40 0.0.0.0 any eq 23
    192.168.0.0
    0.0.63.255 any eq 22
    any host 206.190.36.45
    any any eq
    23
    any any range 1024 5000
    any any range 3000 8000
    any any

    in

    TrytoPing,Telnet,SSHthedestinationsintheACLstatements

    2. HQSwitch:
    a. Configurestandardsettings,withTelnetandSSH:usernameadmin,passwordcisco
    b. CreatetheVLANsaccordingtoTABLE
    c. InterfaceVLAN99IPAddress:192.168.X.2/28
    d. TrytoPing,Telnet,SSHthedestinationsintheACLstatements

    3. YourPC:
    a. ConnectyourPCtoHQSwitchportFAST0/15toaccessVLAN100+X(StaffVLAN)
    b. IPAddressis:192.168.X.40/27
    c. DefaultGateway:192.168.X.33
    d. DNSis147.70.101.102
    e. TrytoPing,Telnet,SSHthedestinationsintheACLstatements

    You might also like