Tải bản đầy đủ (.doc) (2 trang)
  1. Trang chủ
    2. >>
  2. Công Nghệ Thông Tin
    3. >>
  3. Quản trị mạng

Quản trị mạng Lab 9-ACL

Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (98.12 KB, 2 trang )

CCNA LAB No. 9: ACCESS LIST CONFIGURATION Lab time: 1 session
 Students are recommended to read the entire lab requirement before starting. The TIP session should
only be used for troubleshooting. For any problem concerns hardware or losing connectivity, please contact
instructor.
Topology:

Caution:
 Disable any ACL on an interface before applying any new ACL to it.
Task 1
1. Access the Routers through Access Server.
2. Configure the IP addresses on the Ethernet interfaces of routers to be the same subnet
with PCs in the lab.
RouterX(config)#int e0
RouterX(config-if)#ip address 10.2.0.16X 255.255.255.0
RouterX(config-if)#no shut
3. Be sure that the connections between the routers are good and Ping from host to routers’
Ethernet interface is successful.
4. Configure telnet access directly to the Ethernet interface of router
RouterX(config)#line vty 0 4
RouterX(config-line)#password cisco
RouterX(config-line)#login

Task 2
1. Use Standard ACL to deny all traffic from a subnet of the host
RouterX(config)#access-list 1 deny 10.2.0.0 0.0.0.255
RouterX(config)#access-list 1 permit any
2. Use Extended ACL to deny ICMP packets in Ping application but still permit telnet packets
RouterX(config)#access-list 100 deny icmp 10.2.0.0 0.0.0.255 host 10.2.0.16X
RouterX(config)#access-list 100 permit ip 10.2.0.0 0.0.0.255 10.2.0.16X 0.0.0.0
equal 23


3. Enable web service on router. Use Extended ACL to deny web sessions from the PC to
router.
RouterX(config)#ip http server
RouterX(config)#access-list 100 deny ip 10.2.0.0 0.0.0.255 host
10.2.0.16X equal 80
Evaluates inbound connections to the HTTP server against a standard access
list
RouterX(config)#ip http access-class <access-list>
4. Use access-class to deny telnet sessions in routers
RouterX(config)#line vty 0 4
RouterX(config-line)#access-class 100 in
Bonus Tasks:
1. Deny icmp traffic, deny telnet traffic and permit only http traffic to your router
2. Try to see whether your PC IP address is odd or even
3. Permit all the odd (or even) IP addresses similar to your PC and deny all the even (or odd)
IP addresses of the remaining devices.
End of lab 9

Tài liệu liên quan

Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Tải bản đầy đủ ngay
×