
• The outside network cannot ping into the inner network.
• Do not allow TCP traffic from outside going in; TCP traffic going out and all other traffic is allowed.

[Network diagram: Router3 connects to the outside network on E0 (222.22.2.1) and to the inner routers on S0 (172.168.30.1) and S1 (172.168.31.1). Router1 (172.168.30.2) serves LAN 1 (172.168.29.x) on E0 and LAN 2 (172.168.28.x) on E1. Router2 (172.168.31.2) serves LAN 3 (172.168.32.x) and LAN 4 (172.168.33.x) on E3 and E4.]

access-list 102 deny icmp any 172.168.0.0 0.0.255.255 echo
access-list 102 permit tcp any 172.168.0.0 0.0.255.255 established
access-list 102 deny tcp any 172.168.0.0 0.0.255.255
access-list 102 permit ip any any
On interface E0 of Router3: ip access-group 102 in
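
An added example (not part of the original slides): a small Python evaluator that applies access list 102 above to constructed packets, showing first-match ordering, wildcard-mask comparison and how `established` is decided. The parser covers only the syntax used on this page; the outside host 198.51.100.7, the inside host 172.168.28.10 and the packet dictionaries are constructed for illustration.

```python
import ipaddress
PORTS = {"ftp-data": 20, "ftp": 21, "telnet": 23, "www": 80}

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse(line):
    t = line.split()[2:]                       # drop "access-list <number>"
    rule = {"action": t.pop(0), "proto": t.pop(0)}
    for side in ("src", "dst"):
        if t[0] == "any":                      # "any" = address 0.0.0.0, wildcard all ones
            t[0:1] = ["0.0.0.0", "255.255.255.255"]
        rule[side] = (ip(t.pop(0)), ip(t.pop(0)))
        if t and t[0] in ("eq", "neq"):        # optional port operator for this side
            op, name = t.pop(0), t.pop(0)
            rule[side + "_port"] = (op, PORTS[name] if name in PORTS else int(name))
    rule["flags"] = set(t)                     # trailing keywords: established, echo
    return rule

def matches(rule, pkt):
    if rule["proto"] not in ("ip", pkt["proto"]):
        return False
    for side in ("src", "dst"):
        addr, wild = rule[side]
        if (ip(pkt[side]) ^ addr) & ~wild & 0xFFFFFFFF:   # a bit the mask cares about differs
            return False
        op, port = rule.get(side + "_port", (None, None))
        if op and (pkt.get(side + "_port") == port) != (op == "eq"):
            return False
    if "established" in rule["flags"] and not (pkt.get("ack") or pkt.get("rst")):
        return False                           # ACK/RST flag test only; no state is kept
    return "echo" not in rule["flags"] or pkt.get("icmp_type") == 8

def evaluate(acl, pkt):
    for line in acl:                           # entries are tried top to bottom
        if matches(parse(line), pkt):
            return line.split()[2], line       # first match decides
    return "deny", "implicit deny"             # nothing matched

# Access list 102 as given on the page (inbound on Router3 E0).
ACL_102 = ["access-list 102 deny icmp any 172.168.0.0 0.0.255.255 echo",
           "access-list 102 permit tcp any 172.168.0.0 0.0.255.255 established",
           "access-list 102 deny tcp any 172.168.0.0 0.0.255.255",
           "access-list 102 permit ip any any"]
# Constructed packets arriving from a made-up outside host.
OUT, IN = "198.51.100.7", "172.168.28.10"
SYN = {"proto": "tcp", "src": OUT, "dst": IN, "src_port": 40000, "dst_port": 23}
REPLY = {"proto": "tcp", "src": OUT, "dst": IN, "src_port": 80, "dst_port": 40000, "ack": True}
PING = {"proto": "icmp", "src": OUT, "dst": IN, "icmp_type": 8}
```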

• Hosts in LAN2 can telnet to all three routers.
• Hosts in LAN1 and LAN3 cannot telnet to any of the three routers.

[Network diagram: same topology as on the first slide.]

access-list 1 permit 172.168.28.0 0.0.0.255
access-list 1 deny 172.168.29.0 0.0.0.255
access-list 1 deny 172.168.32.0 0.0.0.255
access-list 1 permit any
On line vty 0 4 of all routers: access-class 1 in

• Do not allow IP traffic between LAN1 and LAN2, or between LAN1 and LAN3.
• Deny all TCP traffic from LAN1 to other networks except web access; allow everything else.

[Network diagram: same topology as on the first slide.]

access-list 101 deny ip 172.168.29.0 0.0.0.255 172.168.28.0 0.0.0.255
access-list 101 deny ip 172.168.29.0 0.0.0.255 172.168.32.0 0.0.0.255
access-list 101 deny tcp 172.168.29.0 0.0.0.255 any neq www
access-list 101 permit ip any any
On interface E0 of Router1: ip access-group 101 in

• Allow FTP traffic between LAN2 and LAN3.
• Do not allow any other IP traffic between LAN2 and LAN3.

[Network diagram: same topology as on the first slide.]

access-list 103 permit tcp 172.168.28.0 0.0.0.255 172.168.32.0 0.0.0.255 eq ftp
access-list 103 permit tcp 172.168.28.0 0.0.0.255 172.168.32.0 0.0.0.255 eq ftp-data
access-list 103 permit tcp 172.168.28.0 0.0.0.255 eq ftp 172.168.32.0 0.0.0.255
access-list 103 permit tcp 172.168.28.0 0.0.0.255 eq ftp-data 172.168.32.0 0.0.0.255
access-list 103 deny ip 172.168.28.0 0.0.0.255 172.168.32.0 0.0.0.255
access-list 103 permit ip any any
On interface E1 of Router1: ip access-group 103 in
