Chapter 12 Labs

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Permit Traffic The Fiji router is already configured with a standard IP access list number 11. The access list is applied to the FastEthernet0/0 interface. The list should allow all traffic except traffic coming from hosts 55.44.33.22 and 99.88.77.66. You've noticed that it's preventing all traffic from being sent on FastEthernet0/0. You know that access lists contain an implied deny any statement. Any traffic not permitted by the list is denied. For this reason, access lists should contain at least one permit statement, or all traffic is blocked. In this lab, your task is to: Add a permit any statement to the access list 11 to allow all traffic other than the restricted traffic. Save your changes in the startup-config file.

Select Fiji. Press Enter to get started. At the Fiji> prompt, type enable and press Enter. At the Fiji# prompt, type config t and press Enter. At the Fiji(config)# prompt, type access-list 11 permit any and press Enter. Press Ctrl + Z. At the Fiji# prompt, type copy run start and press Enter. Press Enter to begin building the configuration.

Configure Allowed Networks You have a small business network connected to the internet through a single router as shown in the network diagram. Your private network is using a public network address of 177.12.30.128/26. You want to configure access lists on the Serial0/0/0 interface to accomplish the following: Only traffic sent from your private network should be forwarded. Only traffic sent to your private network should be received. To control traffic based on destination address, you need to use an extended access control list. You should also calculate the wildcard mask needed for the subnet as follows: A 26-bit mask uses a mask of 255.255.255.192. For the wildcard mask, subtract each octet from 255. For the last octet, the value will be 255 - 192 = 63. Use the following wildcard mask in the access list statements: 0.0.0.63. In this lab, your task is to: Create two access lists and apply them to the Serial0/0/0 interface using the following information:Access List NumberActionProtocolSource AddressDestination AddressDirection101permitIP177.12.30.128/26Any destinationout102permitIPAny source177.12.30.128/26in When you are finished, save your changes.

Select Router. Press Enter to get started. At the Router> prompt, type enable and press Enter. At the Router# prompt, type config t and press Enter. At the Router(config)# prompt, type access-list 101 permit ip 177.12.30.128 0.0.0.63 any and press Enter. At the Router(config)# prompt, type access-list 102 permit ip any 177.12.30.128 0.0.0.63 and press Enter. At the Router(config)# prompt, type interface s0/0/0 and press Enter. At the Router(config)# prompt, type ip access-group 101 out and press Enter. At the Router(config)# prompt, type ip access-group 102 in and press Enter. Press Ctrl + Z. At the Router# prompt, type copy run start and press Enter. Press Enter to begin building the configuration.

Create Access List Statements You are going to practice creating multiple access list statements and calculating the appropriate wildcard mask value. In this lab, your task is to: Create an extended access list number 133 and add statements to do the following:Deny all IP traffic sent from network 192.168.12.32/28 to network 192.168.1.0/26.Deny all IP traffic sent from any host to network 192.168.17.128/25.Deny all IP traffic sent from network 192.168.1.48/29 to any destination.Deny all IP traffic sent from any host to networks 192.168.111.0/30, 192.168.111.4/30, 192.168.111.8/30, and 192.168.111.12/30. Use a single statement to prevent traffic from all four networks.Find the mask value that summarizes all four networks.Deny all IP traffic sent from network 172.16.32.0/19 to any destination.Allow all other traffic.Apply the access list to the Fa0/0 interface so that it filters traffic after routing decisions are made. When you're finished, save your changes. Before creating the access list, calculate the wildcard mask values that will be used for each access list statement: Number of masked bitsDecimal mask valueWildcard mask calculationWildcard mask value25128255 - 12812726192255 - 1926319 or 27224255 - 2243128240255 - 2401529248255 - 2487 Identify the mask and wildcard value used to summarize networks 192.168.111.0/30, 192.168.111.4/30, 192.168.111.8/30, and 192.168.111.12/30 using the following steps: Convert the last significant octet of the first and the last subnet in the contiguous range to binary. For this example:0 = 0 0 0 0 0 0 0 012 = 0 0 0 0 1 1 0 0 Identify the last consecutive binary bit that is shared. In this case, the last shared bit is the fourth bit position. Convert all bits to the right of the shared bit to 0. In this example, this gives you the binary value of 00000000. This will be the subnet address of the summarized route. In this example, use 192.168.111.0. Convert all bits to the left of the shared bit to 1. In this example, this gives you the binary value of 11110000. This will be the mask value of the summarized route. In this example, use 255.255.255.240. To calculate the wildcard mask, subtract each octet from 255 (255 - 240 = 15). In this example, use the mask of 0.0.0.15 for the summarized network.

Select Router. Press Enter to get started. At the Router> prompt, type enable and press Enter. At the Router# prompt, type config t and press Enter. At the Router(config)# prompt, type access-list 133 deny ip 192.168.12.32 0.0.0.15 192.168.1.0 0.0.0.63 and press Enter. At the Router(config)# prompt, type access-list 133 deny ip any 192.168.17.128 0.0.0.127 and press Enter. At the Router(config)# prompt, type access-list 133 deny ip 192.168.1.48 0.0.0.7 any and press Enter. At the Router(config)# prompt, type access-list 133 deny ip any 192.168.111.0 0.0.0.15 and press Enter. At the Router(config)# prompt, type access-list 133 deny ip 172.16.32.0 0.0.31.255 any and press Enter. At the Router(config)# prompt, type access-list 133 permit ip any any and press Enter. At the Router(config)# prompt, type interface fa0/0 and press Enter. At the Router(config-if)# prompt, type ip access-group 133 out and press Enter. Press Ctrl + Z. At the Router# prompt, type copy run start and press Enter. Press Enter to begin building the configuration.

Block Source Hosts You have a small business network connected to the internet through a single router as shown in the network diagram. You have noticed that three hosts on the internet have been flooding your router with unwanted traffic. As a temporary measure, you want to prevent all communication from these three hosts until the issue is resolved. In this lab, your task is to: Create a standard access list number 25. Add statements to the access list to block traffic from the following hosts:199.68.111.199202.177.9.1211.55.67.11 Add a statement to allow all other traffic from all other hosts. Apply access list 25 to the Serial0/0/0 interface to filter incoming traffic.

Select Router. Press Enter to get started. At the Router> prompt, type enable and press Enter. At the Router# prompt, type config t and press Enter. At the Router(config)# prompt, type access-list 25 deny host 199.68.111.199 and press Enter. At the Router(config)# prompt, type access-list 25 deny host 202.177.9.1 and press Enter. At the Router(config)# prompt, type access-list 25 deny host 211.55.67.11 any and press Enter. At the Router(config)# prompt, type access-list 25 permit any and press Enter. At the Router(config)# prompt, type int s0/0/0 and press Enter. At the Router(config-if)# prompt, type ip access-group 25 in and press Enter.

Restrict Telnet and SSH Access You are in the process of configuring a new router. The router interfaces will connect to the following networks: InterfaceNetworkFastEthernet0/0192.168.1.0/24FastEthernet0/1192.168.2.0/24FastEthernet0/1/0192.168.3.0/24 Only Telnet and SSH access from these three networks should be allowed. In this lab, your task is to: Create a standard access list number 5 using the access-list command. Add a permit statement for each network to the access list. Apply the access list to VTY lines 0-4 using the access-class command. Use the in direction to filter incoming traffic. Save your changes in the startup-config file.

Select Router. Press Enter to get started. At the Router> prompt, type enable and press Enter. At the Router# prompt, type config t and press Enter. At the Router(config)# prompt, type access-list 5 permit 192.168.1.0 0.0.0.255 and press Enter. At the Router(config)# prompt, type access-list 5 permit 192.168.2.0 0.0.0.255 and press Enter. At the Router(config)# prompt, type access-list 5 permit 192.168.3.0 0.0.0.255 and press Enter. At the Router(config)# prompt, type line vty 0 4 and press Enter. At the Router(config-line)# prompt, type access-class 5 in and press Enter. Press Ctrl + Z. At the Router# prompt, type copy run start and press Enter. Press Enter to begin building the configuration.


Ensembles d'études connexes

Chapter 40: Mechanisms of Endocrine Control

View Set

Mastering Ex. 37: Respiratory System Physiology

View Set

DRUGS AFFECTING THE M/F REPRODUCTIVE SYSTEM

View Set

3.2 Multiplexing and De-multiplexingtransport-layer multiplexing and demultiplexing

View Set

Abnormal Psychology: Chapter 7 WSCC

View Set