CCNA Network Access Lists, Other, Computer Networks. Universidad Tecnológica del Peru
alexis-cisneros, 12 June 2017

Description
Practical exercises, useful for exercising the mind while keeping in view important commands related to the course offered by Cisco. In this context the intention is to create certain lists on the router that allow us...
Access Lists Workbook


Workbook Version 1.5

Student Name:

Access-List Numbers

IP Standard                                   1 to 99
IP Extended                                 100 to 199
Ethernet Type Code                          200 to 299
Ethernet Address                            700 to 799
DECnet and Extended DECnet                  300 to 399
XNS                                         400 to 499
Extended XNS                                500 to 599
Appletalk                                   600 to 699
48-bit MAC Addresses                        700 to 799
IPX Standard                                800 to 899
IPX Extended                                900 to 999
IPX SAP (service advertisement protocol)   1000 to 1099
IPX SAP SPX                                1000 to 1099
Extended 48-bit MAC Addresses              1100 to 1199
IPX NLSP                                   1200 to 1299
IP Standard, expanded range                1300 to 1999
IP Extended, expanded range                2000 to 2699
SS7 (voice)                                2700 to 2999
Standard Vines                                1 to 100
Extended Vines                              101 to 200
Simple Vines                                201 to 300
Transparent bridging (protocol type)        200 to 299
Transparent bridging (vendor type)          700 to 799
Extended Transparent bridging              1100 to 1199
Source-route bridging (protocol type)       200 to 299
Source-route bridging (vendor type)         700 to 799

Produced by: Robb Jones jonesr@careertech.net and/or Robert.Jones@fcps.org

Frederick County Career & Technology Center Cisco Networking Academy

Frederick County Public Schools Frederick, Maryland, USA

Special Thanks to Melvin Baker, Jim Dorsch, and Brent Sieling for taking the time to check this workbook for errors, and making suggestions for improvements.

What are Access Control Lists?

ACLs...
...are a sequential list of instructions that tell a router which packets to permit or deny.

General Access Lists Information

Access Lists...
...are read sequentially.
...are set up so that as soon as the packet matches a statement it stops comparing and permits or denies the packet.
...need to be written to take care of the most abundant traffic first.
...must be configured on your router before you can deny packets.
...can be written for all supported routed protocols; but each routed protocol must have a different ACL for each interface.
...must be applied to an interface to work.

How routers use Access Lists (Outbound Port - Default)

The router checks to see if the packet is routable. If it is, it looks up the route in its routing table.

The router then checks for an ACL on that outbound interface.

If there is no ACL, the router switches the packet out that interface to its destination.

If there is an ACL, the router checks the packet against the access list statements sequentially, then permits or denies each packet as it is matched.

If the packet does not match any statement written in the ACL, it is denied because there is an implicit “deny any” statement at the end of every ACL.
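The sequential, first-match evaluation and the implicit “deny any” described above, as an added Python example (not part of the workbook). The function names and the two ACL 10 statement lists are constructed for illustration; the example also reports statements that can never match because an earlier statement already covers them, which is the usual way a specific deny gets silently bypassed.

```python
import ipaddress

FULL = 0xFFFFFFFF

def ip_to_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_standard_acl(lines):
    """Turn numbered standard ACL statements into (action, base, wildcard) rules.

    Remarks are skipped; a trailing 'log' keyword is accepted and ignored.
    """
    rules = []
    for line in lines:
        tokens = line.lower().split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            raise ValueError(f"not an access-list statement: {line!r}")
        action, rest = tokens[2], tokens[3:]
        if action == "remark":
            continue
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        if rest[-1] == "log":
            rest = rest[:-1]
        if rest == ["any"]:
            base, wild = 0, FULL
        elif len(rest) == 2 and rest[0] == "host":
            base, wild = ip_to_int(rest[1]), 0
        elif len(rest) == 1:
            base, wild = ip_to_int(rest[0]), 0      # no mask given: 0.0.0.0 assumed
        elif len(rest) == 2:
            base, wild = ip_to_int(rest[0]), ip_to_int(rest[1])
        else:
            raise ValueError(f"cannot parse source in: {line!r}")
        rules.append((action, base, wild))
    return rules

def evaluate(rules, source):
    """Return (action, statement index) for the first match, top to bottom.

    The index counts permit/deny statements from 1; None means no statement
    matched and the implicit 'deny any' at the end of the ACL applied.
    """
    src = ip_to_int(source)
    for index, (action, base, wild) in enumerate(rules, 1):
        if ((src ^ base) & (FULL ^ wild)) == 0:     # wildcard 0 bits must match
            return action, index
    return "deny", None

def shadowed(rules):
    """Indexes of statements fully covered by an earlier statement."""
    hidden = []
    for j, (_, base_j, wild_j) in enumerate(rules):
        for _, base_i, wild_i in rules[:j]:
            ignores_more = (wild_j & (FULL ^ wild_i)) == 0
            same_checked_bits = ((base_i ^ base_j) & (FULL ^ wild_i)) == 0
            if ignores_more and same_checked_bits:
                hidden.append(j + 1)
                break
    return hidden

# Constructed sample: block one host, allow the rest of its subnet.
ORDERED = [
    "access-list 10 remark constructed sample",
    "access-list 10 deny host 192.168.90.36",
    "access-list 10 permit 192.168.90.0 0.0.0.255",
]
# Same statements in the wrong order: the subnet permit matches first.
MISORDERED = [ORDERED[2], ORDERED[1]]

if __name__ == "__main__":
    for name, acl in (("ordered", ORDERED), ("misordered", MISORDERED)):
        rules = parse_standard_acl(acl)
        for src in ("192.168.90.36", "192.168.90.38", "172.16.70.35"):
            print(name, src, evaluate(rules, src))
        print(name, "shadowed statements:", shadowed(rules))
```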

Standard Access Lists

Standard Access Lists...
...are numbered from 1 to 99.
...filter (permit or deny) only source addresses.
...do not have any destination information so they must be placed as close to the destination as possible.
...work at layer 3 of the OSI model.

Why standard ACLs are placed close to the destination.

If you want to block traffic from Juan’s computer from reaching Janet’s computer with a standard access list you would place the ACL close to the destination on Router D, interface E0. Since it’s using only the source address to permit or deny packets, the ACL here will not affect packets reaching Routers B or C.

If you place the ACL on Router A to block traffic to Router D it will also block all packets going to Routers B and C, because all the packets will have the same source address.

[Figure: Routers A, B, C and D with interfaces E0, S0 and S1; Juan’s, Janet’s, Jimmy’s and Matt’s Computers.]

Standard Access List Placement Sample Problems

In order to permit packets from Juan’s computer to arrive at Jan’s computer you would place the standard access list at router interface FA1.

[Figure: Router A with interfaces FA0 and FA1; Juan’s Computer and Jan’s Computer.]

Lisa has been sending unnecessary information to Paul. Where would you place the standard ACL to deny all traffic from Lisa to Paul?
Router Name: Router B Interface: E1

Where would you place the standard ACL to deny traffic from Paul to Lisa?
Router Name: Router A Interface: E0

[Figure: Router A and Router B, with interfaces S0, S1, E0 and E1; Lisa’s Computer and Paul’s Computer.]

Standard Access List Placement

[Figure: Routers A, B, C, D, E and F with interfaces S0, S1, E0 and FA1; Sarah’s, Jackie’s, Linda’s, Melvin’s, Jim’s, Jeff’s, George’s, Kathy’s, Carrol’s, Ricky’s, Jenny’s and Amanda’s Computers.]

1. Where would you place a standard access list to permit traffic from Ricky’s computer to reach Jeff’s computer?
Router Name: Router D Interface: E0

2. Where would you place a standard access list to deny traffic from Melvin’s computer from reaching Jenny’s computer?
Router Name: Router A Interface: E0

3. Where would you place a standard access list to deny traffic to Carrol’s computer from Sarah’s computer?
Router Name_________________ Interface ____________________

4. Where would you place a standard access list to permit traffic to Ricky’s computer from Jeff’s computer?
Router Name_________________ Interface ____________________

5. Where would you place a standard access list to deny traffic from Amanda’s computer from reaching Jeff and Jim’s computer?
Router Name_________________ Interface ____________________

6. Where would you place a standard access list to permit traffic from Jackie’s computer to reach Linda’s computer?
Router Name_________________ Interface ____________________

7. Where would you place a standard access list to permit traffic from Ricky’s computer to reach Carrol and Amanda’s computer?
Router Name_________________ Interface ____________________

8. Where would you place a standard access list to deny traffic to Jenny’s computer from Jackie’s computer?
Router Name_________________ Interface ____________________

9. Where would you place a standard access list to permit traffic from George’s computer to reach Linda and Sarah’s computer?
Router Name_________________ Interface ____________________

10. Where would you place an ACL to deny traffic from Jeff’s computer from reaching George’s computer?
Router Name_________________ Interface ____________________

11. Where would you place a standard access list to deny traffic to Sarah’s computer from Ricky’s computer?
Router Name_________________ Interface ____________________

12. Where would you place an ACL to deny traffic from Linda’s computer from reaching Jackie’s computer?
Router Name_________________ Interface ____________________

Extended Access Lists

Extended Access Lists...
...are numbered from 100 to 199.
...filter (permit or deny) based on the:
      source address
      destination address
      protocol
      application / port number
...are placed close to the source.
...work at both layer 3 and 4 of the OSI model.

Why extended ACLs are placed close to the source.

If you want to deny traffic from Juan’s computer from reaching Janet’s computer with an extended access list you would place the ACL close to the source on Router A, interface E0. Since it can permit or deny based on the destination address, it can reduce backbone overhead and not affect traffic to Routers B or C.

If you place the ACL on Router E to block traffic from Router A, it will work. However, Routers B and C will have to route the packet before it is finally blocked at Router E. This increases the volume of useless network traffic.

[Figure: Routers A, B, C and D with interfaces E0, FA0, S0 and S1; Juan’s, Janet’s, Jimmy’s and Matt’s Computers.]

Extended Access List Placement Sample Problems

In order to permit packets from Juan’s computer to arrive at Jan’s computer you would place the extended access list at router interface E0.

[Figure: Router A with interfaces E0 and E1; Juan’s Computer and Jan’s Computer.]

Lisa has been sending unnecessary information to Paul. Where would you place the extended ACL to deny all traffic from Lisa to Paul?
Router Name: Router A Interface: FA0

Where would you place the extended ACL to deny traffic from Paul to Lisa?
Router Name: Router B Interface: FA1

[Figure: Router A and Router B, with interfaces S0, S1, FA0 and FA1; Lisa’s Computer and Paul’s Computer.]

Extended Access List Placement

[Figure: Routers A, B, C, D, E and F with interfaces S0, S1, FA0, FA1 and E1; Sarah’s, Jackie’s, Linda’s, Melvin’s, Jim’s, Jeff’s, George’s, Kathy’s, Carrol’s, Ricky’s, Jenny’s and Amanda’s Computers.]

1. Where would you place an ACL to deny traffic from Jeff’s computer from reaching George’s computer?
Router Name: Router D Interface: FA0

2. Where would you place an extended access list to permit traffic from Jackie’s computer to reach Linda’s computer?
Router Name: Router F Interface: FA1

3. Where would you place an extended access list to deny traffic to Carrol’s computer from Ricky’s computer?
Router Name_________________ Interface ____________________

4. Where would you place an extended access list to deny traffic to Sarah’s computer from Jackie’s computer?
Router Name_________________ Interface ____________________

5. Where would you place an extended access list to permit traffic from Carrol’s computer to reach Jeff’s computer?
Router Name_________________ Interface ____________________

6. Where would you place an extended access list to deny traffic from Melvin’s computer from reaching Jeff and Jim’s computer?
Router Name_________________ Interface ____________________

7. Where would you place an extended access list to permit traffic from George’s computer to reach Jeff’s computer?
Router Name_________________ Interface ____________________

8. Where would you place an extended access list to permit traffic from Jim’s computer to reach Carrol and Amanda’s computer?
Router Name_________________ Interface ____________________

9. Where would you place an ACL to deny traffic from Linda’s computer from reaching Kathy’s computer?
Router Name_________________ Interface ____________________

10. Where would you place an extended access list to deny traffic to Jenny’s computer from Sarah’s computer?
Router Name_________________ Interface ____________________

11. Where would you place an extended access list to permit traffic from George’s computer to reach Linda and Sarah’s computer?
Router Name_________________ Interface ____________________

12. Where would you place an extended access list to deny traffic from Linda’s computer from reaching Jenny’s computer?
Router Name_________________ Interface ____________________

Choosing to Filter Incoming or Outgoing Packets

Access Lists on your incoming port...
...require less CPU processing.
...filter and deny packets before the router has to make a routing decision.

Access Lists on your outgoing port...
...are outbound by default unless otherwise specified.
...increase the CPU processing time because the routing decision is made and the packet switched to the correct outgoing port before it is tested against the ACL.

Breakdown of a Standard ACL Statement

access-list 1 permit 192.168.90.36 0.0.0.0

1: autonomous number, 1 to 99
permit: permit or deny
192.168.90.36: source address
0.0.0.0: wildcard mask

access-list 78 deny host 192.168.90.36 log

78: autonomous number, 1 to 99
deny: permit or deny
host: indicates a specific host address
192.168.90.36: source address
log: (Optional) generates a log entry on the router for each packet that matches this statement

Breakdown of an Extended ACL Statement

access-list 125 permit ip 192.168.90.36 0.0.0.0 192.175.63.12 0.0.0.0

125: autonomous number, 100 to 199
permit: permit or deny
ip: protocol (icmp, tcp, udp, ip, etc.)
192.168.90.36: source address
0.0.0.0: source wildcard mask
192.175.63.12: destination address
0.0.0.0: destination wildcard mask

access-list 178 deny tcp host 192.168.90.36 host 192.175.63.12 eq 23 log

178: autonomous number, 100 to 199
deny: permit or deny
tcp: protocol (icmp, tcp, udp, ip, etc.)
host: indicates a specific host
192.168.90.36: source address
host: indicates a specific host
192.175.63.12: destination address
eq: operator (eq for =, gt for >, lt for <, neq for ≠)
23: port number (23 = telnet)
log: (Optional) generates a log entry on the router for each packet that matches this statement

Protocols Include (Layers 3 and 4): IP, IGMP, IPINIP, TCP, GRE, OSPF, UDP, IGRP, NOS, ICMP, EIGRP, Integer 0-255

To match any internet protocol use IP.

What are Named Access Control Lists?

Named ACLs...
...are standard or extended ACLs which have an alphanumeric name instead of a number (i.e. 1-99 or 100-199).

Named Access Lists Information

Named Access Lists...
...identify ACLs with an intuitive name instead of a number.
...eliminate the limits imposed by using numbered ACLs. (798 for standard and 799 for extended)
...provide the ability to modify your ACLs without deleting and reloading the revised access list. It will only allow you to add statements to the end of the existing statements.
...are not compatible with any IOS prior to Release 11.2.
...cannot repeat the same name on multiple ACLs.

Applying a Standard Named Access List called “George”

Write a named standard access list called “George” on Router A, interface E1 to block Melvin’s computer from sending information to Kathy’s computer; but will allow all other traffic.

Place the access list at:
Router Name: Router A
Interface: E1
Access-list Name: George

[Writing and installing an ACL]

Router# configure terminal (or config t)
Router(config)# ip access-list standard George
Router(config-std-nacl)# deny host 172.16.70.35
Router(config-std-nacl)# permit any
Router(config-std-nacl)# interface e1
Router(config-if)# ip access-group George out
Router(config-if)# exit
Router(config)# exit

Applying an Extended Named Access List called “Gracie”

Write a named extended access list called “Gracie” on Router A, Interface E0 to deny HTTP traffic intended for web server 192.168.207.27, but will permit all other HTTP traffic to reach only the 192.168.207.0 network. Deny all other IP traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: Router A
Interface: E0
Access-list Name: Gracie

[Writing and installing an ACL]

Router# configure terminal (or config t)
Router(config)# ip access-list extended Gracie
Router(config-ext-nacl)# deny tcp any host 192.168.207.27 eq www
Router(config-ext-nacl)# permit tcp any 192.168.207.0 0.0.0.255 eq www
Router(config-ext-nacl)# interface e0
Router(config-if)# ip access-group Gracie in
Router(config-if)# exit
Router(config)# exit

Choices for Using Wildcard Masks

Wildcard masks are usually set up to do one of four things:
1. Match a specific host.
2. Match an entire subnet.
3. Match a specific range.
4. Match all addresses.

1. Matching a specific host.

For standard access lists:
Access-List 10 permit 192.168.150.50 0.0.0.0
or
Access-List 10 permit 192.168.150.50 (standard ACL’s assume a 0.0.0.0 mask)
or
Access-List 10 permit host 192.168.150.50

For extended access lists:
Access-list 110 deny ip 192.168.150.50 0.0.0.0 any
or
Access-list 110 deny ip host 192.168.150.50 any

2. Matching an entire subnet

Example 1
Address: 192.168.50.0 Subnet Mask: 255.255.255.0
Access-list 25 deny 192.168.50.0 0.0.0.255

Example 2
Address: 172.16.0.0 Subnet Mask: 255.255.0.0
Access-list 12 permit 172.16.0.0 0.0.255.255

Example 3
Address: 10.0.0.0 Subnet Mask: 255.0.0.0
Access-list 125 deny udp 10.0.0.0 0.255.255.255 any

3. Match a specific range

Example 1
Address: 10.250.50.112 Subnet Mask: 255.255.255.224

                       255.255.255.255
Custom Subnet mask:  - 255.255.255.224
Wildcard:                0.  0.  0. 31

Access-list 125 permit udp 10.250.50.112 0.0.0.31 any

Example 2
Address Range: 192.168.16.0 to 192.168.16.127

             192.168.16.127
           - 192.168.16.  0
Wildcard:      0.  0. 0.127

Access-list 125 deny ip 192.168.16.0 0.0.0.127 any
(This ACL would block the lower half of the subnet.)

Example 3
Address: 172.250.16.32 to 172.250.31.63

             172.250.31.63
           - 172.250.16.32
Wildcard:      0.  0.15.31

Access-list 125 permit ip 172.250.16.32 0.0.15.31 any

4. Match everyone.

For standard access lists:
Access-List 15 permit any
or
Access-List 15 deny 0.0.0.0 255.255.255.255

For extended access lists:
Access-List 175 permit ip any any
or
Access-List 175 deny tcp 0.0.0.0 255.255.255.255 any

Creating Wildcard Masks

Just like a subnet mask, the wildcard mask tells the router what part of the address to check or ignore. A zero (0) bit must match exactly; a one (1) bit will be ignored.

The source address can be a single address, a range of addresses, or an entire subnet.

As a rule of thumb the wildcard mask is the reverse of the subnet mask.

Example #1:
IP Address and subnet mask: 204.100.100.0 255.255.255.0
IP Address and wildcard mask: 204.100.100.0 0.0.0.255

All zeros (or 0.0.0.0) means the address must match exactly.

Example #2: 10.10.150.95 0.0.0.0 (This address must match exactly.)

Ones will be ignored.

Example #3: 10.10.150.95 0.0.0.255 (Any 10.10.150.0 subnet address will match: 10.10.150.0 to 10.10.150.255)

This also works with subnets.

Example #4:
IP Address and subnet mask: 192.170.25.30 255.255.255.224
IP Address and wildcard mask: 192.170.25.30 0.0.0.31
(Subtract the subnet mask from 255.255.255.255 to create the wildcard)

Do the math... (This is the inverse of the subnet mask.)
255 - 255 = 0
255 - 224 = 31

Example #5:
IP Address and subnet mask: 172.24.128.0 255.255.128.0
IP Address and wildcard mask: 172.24.128.0 0.0.127.255

Do the math... (This is the inverse of the subnet mask.)
255 - 255 = 0
255 - 128 = 127
255 - 0 = 255
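The wildcard rules above (0 bits checked, 1 bits ignored, wildcard = 255.255.255.255 minus the subnet mask), as an added Python example that is not part of the workbook; the function names are assumptions made for illustration. It goes one step beyond the text by reporting exactly which addresses an address/wildcard pair matches: the range examples 10.250.50.112 0.0.0.31 and 172.250.16.32 0.0.15.31 show that a base address off the block boundary, or a wildcard spanning two octets, does not match the single range one might read off the statement.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def wildcard_from_subnet(mask):
    """Subtract the subnet mask from 255.255.255.255, octet by octet."""
    inverted = FULL - to_int(mask)
    # A valid subnet mask leaves only low-order one bits after inversion.
    if inverted & (inverted + 1):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return to_dotted(inverted)

def matches(address, base, wildcard):
    """True if address equals base in every bit where the wildcard is 0."""
    checked_bits = FULL ^ to_int(wildcard)
    return ((to_int(address) ^ to_int(base)) & checked_bits) == 0

def describe(base, wildcard):
    """Summarise the set of addresses matched by 'base wildcard'.

    lowest/highest: smallest and largest matching address
    count:          number of matching addresses (2 ** ignored bits)
    contiguous:     True only if every address from lowest to highest matches
    """
    b, w = to_int(base), to_int(wildcard)
    low, high = b & (FULL ^ w), b | w
    count = 2 ** bin(w).count("1")
    return {
        "lowest": to_dotted(low),
        "highest": to_dotted(high),
        "count": count,
        "contiguous": count == high - low + 1,
    }

if __name__ == "__main__":
    # Address/wildcard pairs taken from the workbook's examples.
    print(wildcard_from_subnet("255.255.255.224"))
    print(wildcard_from_subnet("255.255.128.0"))
    for base, wild in (
        ("192.168.16.0", "0.0.0.127"),
        ("10.250.50.112", "0.0.0.31"),
        ("172.250.16.32", "0.0.15.31"),
    ):
        print(base, wild, describe(base, wild))
    # Inside the numeric span of the last pair, but the fourth octet is not 32-63.
    print(matches("172.250.17.0", "172.250.16.32", "0.0.15.31"))
    print(matches("172.250.17.40", "172.250.16.32", "0.0.15.31"))
```

For the last pair the matched set is 512 addresses (third octet 16 to 31, fourth octet 32 to 63), not every address between 172.250.16.32 and 172.250.31.63, so a permit written this way is narrower than the range it appears to describe.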

Wildcard Mask Problems

1. Create a wildcard mask to match this exact address.
IP Address: 192.168.25.70 Subnet Mask: 255.255.255.0
0.0.0.0

2. Create a wildcard mask to match this range.
IP Address: 210.150.10.0 Subnet Mask: 255.255.255.0
0.0.0.255

3. Create a wildcard mask to match this host.
IP Address: 195.190.10.35 Subnet Mask: 255.255.255.0
__________________________________

4. Create a wildcard mask to match this range.
IP Address: 172.16.0.0 Subnet Mask: 255.255.0.0
__________________________________

5. Create a wildcard mask to match this range.
IP Address: 10.0.0.0 Subnet Mask: 255.0.0.0
__________________________________

6. Create a wildcard mask to match this exact address.
IP Address: 165.100.0.130 Subnet Mask: 255.255.255.192
__________________________________

7. Create a wildcard mask to match this range.
IP Address: 192.10.10.16 Subnet Mask: 255.255.255.224
__________________________________

8. Create a wildcard mask to match this range.
IP Address: 171.50.75.128 Subnet Mask: 255.255.255.192
__________________________________

9. Create a wildcard mask to match this host.
IP Address: 10.250.30.2 Subnet Mask: 255.0.0.0
__________________________________

10. Create a wildcard mask to match this range.
IP Address: 210.150.28.16 Subnet Mask: 255.255.255.240
__________________________________

11. Create a wildcard mask to match this range.
IP Address: 172.18.0.0 Subnet Mask: 255.255.224.0
__________________________________

12. Create a wildcard mask to match this range.
IP Address: 135.35.230.32 Subnet Mask: 255.255.255.248
__________________________________

Wildcard Mask Problems

Based on the given information list the total number of source addresses for each access list statement.

1. access-list 10 permit 192.168.150.50 0.0.0.0

Answer: 192.168.150.50

2. access-list 5 permit any

Answer: Any address

3. access-list 125 deny tcp 195.223.50.0 0.0.0.63 host 172.168.10.1 fragments

Answer: 195.223.50.0 to 195.223.50.63

4. access-list 11 deny 210.10.10.0 0.0.0.255

Answer: __________________________________________________________________

5. access-list 108 deny ip 192.220.10.0 0.0.0.15 172.32.4.0 0.0.0.255

Answer: __________________________________________________________________

6. access-list 171 deny any host 175.18.24.10 fragments

Answer: __________________________________________________________________

7. access-list 105 permit 192.168.15.0 0.0.0.255 any

Answer: __________________________________________________________________

8. access-list 109 permit tcp 172.16.10.0 0.0.0.255 host 192.168.10.1 eq 80

Answer: __________________________________________________________________

9. access-list 111 permit ip any any

Answer: __________________________________________________________________

10. access-list 195 permit udp 172.30.12.0 0.0.0.127 172.50.10.0 0.0.0.255

Answer: __________________________________________________________________

11. access-list 110 permit ip 192.168.15.0 0.0.0.3 192.168.30.10 0.0.0.0

Answer: _________________________________________________________________

12. access-list 120 permit ip 192.168.15.0 0.0.0.7 192.168.30.10 0.0.0.0

Answer: _________________________________________________________________

13. access-list 130 permit ip 192.168.15.0 0.0.0.15 192.168.30.10 0.0.0.0

Answer: _________________________________________________________________

14. access-list 140 permit ip 192.168.15.0 0.0.0.31 192.168.30.10 0.0.0.0

Answer: _________________________________________________________________

15. access-list 150 permit ip 192.168.15.0 0.0.0.63 192.168.30.10 0.0.0.0

Answer: _________________________________________________________________

16. access-list 101 Permit ip 192.168.15.0 0.0.0.127 192.168.30.10 0.0.0.0

Answer:__________________________________________________________________

17. access-list 185 permit ip 192.168.15.0 0.0.0.255 192.168.30.0 0.0.0.255

Answer: _________________________________________________________________

18. access-list 160 deny udp 172.16.0.0 0.0.1.255 172.18.10.18 0.0.0.0 gt 22

Answer: _________________________________________________________________

19. access-list 195 permit icmp 172.85.0.0 0.0.15.255 172.50.10.0 0.0.0.255

Answer: _________________________________________________________________

20. access-list 10 permit 175.15.120.0 0.0.0.255

Answer: _________________________________________________________________

21. access-list 190 permit tcp 192.15.10.0 0.0.0.31 any

Answer: _________________________________________________________________

22. access-list 100 permit ip 10.0.0.0 0.255.255.255 172.50.10.0 0.0.0.255

Answer: _________________________________________________________________


Wildcard Mask Problems

Based on the given information list the total number of destination addresses for each access list statement.

1. access-list 125 deny tcp 195.223.50.0 0.0.0.63 host 172.168.10.1 fragments

Answer: 172.168.10.1

2. access-list 115 permit any any

Answer: Any address

3. access-list 150 permit ip 192.168.30.10 0.0.0.0 192.168.15.0 0.0.0.63

Answer: 192.168.15.0 to 192.168.15.63

4. access-list 120 deny tcp 172.32.4.0 0.0.0.255 192.220.10.0 0.0.0.15

Answer: __________________________________________________________________

5. access-list 108 deny ip 192.220.10.0 0.0.0.15 172.32.4.0 0.0.0.255

Answer: __________________________________________________________________

6. access-list 101 deny ip 140.130.110.100 0.0.0.0 0.0.0.0 255.255.255.255

Answer: __________________________________________________________________

7. access-list 105 permit any 192.168.15.0 0.0.0.255

Answer: __________________________________________________________________

8. access-list 120 permit ip 192.168.15.10 0.0.0.0 192.168.30.0 0.0.0.7

Answer: __________________________________________________________________

9. access-list 160 deny udp 172.16.0.0 0.0.1.255 172.18.10.18 0.0.0.0 eq 21

Answer: __________________________________________________________________

10. access-list 150 permit ip 192.168.15.10 0.0.0.0 192.168.30.0 0.0.0.63

Answer: __________________________________________________________________

Writing Standard Access Lists...

Standard Access List Sample #1

[Figure: Router A with interfaces E0 (172.16.70.1), E1 (192.168.90.2) and S0 (210.30.28.0 Network); Melvin’s Computer 172.16.70.35, Frank’s Computer 172.16.70.32, Kathy’s Computer 192.168.90.38, Jim’s Computer 192.168.90.36.]

Write a standard access list to block Melvin’s computer from sending information to Kathy’s computer; but will allow all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: Router A
Interface: E1
Access-list #: 10

[Writing and installing an ACL]

Router# configure terminal (or config t)
Router(config)# access-list 10 deny 172.16.70.35
    or    access-list 10 deny 172.16.70.35 0.0.0.0
    or    access-list 10 deny host 172.16.70.35
Router(config)# access-list 10 permit 0.0.0.0 255.255.255.255
    or    access-list 10 permit any
Router(config)# interface e1
Router(config-if)# ip access-group 10 out
Router(config-if)# exit
Router(config)# exit

[Viewing information about existing ACL’s]

Router# show configuration
(This will show which access groups are associated with particular interfaces)

Router# show access-lists 10
(This will show detailed information about this ACL)

Standard Access List Sample #2

Write a standard access list to block Jim’s computer from sending information to Frank’s computer; but will allow all other traffic from the 192.168.90.0 network. Permit all traffic from the 210.30.28.0 network to reach the 172.16.70.0 network. Deny all other traffic. Include a remark with each statement of your ACL. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.

Place the access list at:
Router Name: Router A
Interface: E0
Access-list #: 28

[Writing and installing an ACL]

Router# configure terminal
Router(config)# access-list 28 remark Block Jim from reaching Frank
Router(config)# access-list 28 deny 192.168.90.36
    or    access-list 28 deny 192.168.90.36 0.0.0.0
    or    access-list 28 deny host 192.168.90.36
Router(config)# access-list 28 remark Allow all other traffic
Router(config)# access-list 28 permit 192.168.90.0 0.0.0.255
Router(config)# access-list 28 remark Allow all traffic
Router(config)# access-list 28 permit 210.30.28.0 0.0.0.255
Router(config)# interface e0
Router(config-if)# ip access-group 28 out
Router(config-if)# exit
Router(config)# exit
Router# copy run start

[Remark Command]

The remark command allows you to place text within the ACL so it can be viewed after it is inserted on the router. It can be viewed using the show run or any command that lists the ACL.

[Disabling ACL’s]

Router# configure terminal
Router(config)# interface e0
Router(config-if)# no ip access-group 28 out
Router(config-if)# exit
Router(config)# exit

[Removing an ACL]

Router# configure terminal
Router(config)# interface e0
Router(config-if)# no ip access-group 28 out
Router(config-if)# exit
Router(config)# no access-list 28
Router(config)# exit
