Lab 6: Access Lists
- Marcia Armstrong
- 5 years ago
Network Topology:-

Device        Interface   IP Address   Subnet Mask   Gateway/Clock Rate
R1            Fa 0/
R1            Fa 0/
R1            Se 0/0/
R2            Fa 0/
R2            Fa 0/
R2            Se 0/0/
R2            Se 0/0/
R3            Fa 0/
R3            Fa 0/
R3            Se 0/0/
PC1           NIC
PC2           NIC
PC3           NIC
PC4           NIC
PC5           NIC
PC6           NIC
PC7           NIC
PC8           NIC
PC9           NIC
PC10          NIC
PC11          NIC
PC12          NIC
HTTP SERVER   NIC
Objective:

In this experiment routers will be configured with standard and extended access-lists, so that some devices/networks won't have access to other devices/networks.

Upon Completion You will learn:

1. Preparing access-lists.
2. Setting up router's ACLs.
3. Blocking the traffic movement in the network.

Theory:

ACLs are basically a set of commands, grouped together by a number or name, that is used to filter traffic entering or leaving an interface of a router. When activating an ACL on an interface, you must specify in which direction the traffic should be filtered:-

- Inbound (as the traffic comes into an interface)
- Outbound (before the traffic exits an interface)

1) Inbound ACLs:- Incoming packets are processed before they are routed to an outbound interface. An inbound ACL is efficient because it saves the overhead of routing lookups if the packet will be discarded after it is denied by the filtering tests. If the packet is permitted by the tests, it is processed for routing.

2) Outbound ACLs:- Incoming packets are routed to the outbound interface and then processed through the outbound ACL.

Universal fact about Access control list:-

1) ACLs come in two varieties: Numbered and Named. Each of these references to ACLs supports two types of filtering: standard and extended.
2) Standard IP ACLs can filter only on the source IP address inside a packet.
3) Whereas an extended IP ACL can filter on the source and destination IP addresses in the packet.
4) There are two actions an ACL can take: permit or deny.
5) Statements are processed top-down.
6) Once a match is found, no further statements are processed; therefore, order is important.
7) If no match is found, the imaginary implicit deny statement at the end of the ACL drops the packet.
8) An ACL should have at least one permit statement; otherwise, all traffic will be dropped because of the hidden implicit deny statement at the end of every ACL.

No matter what type of ACL you use, though, you can have only one ACL per protocol, per interface, per direction. For example, you can have one IP ACL inbound on an interface and another IP ACL outbound on an interface, but you cannot have two inbound IP ACLs on the same interface.

Numbered vs. Named ACLs

One of the disadvantages of using IP standard and IP extended ACLs is that you reference them by number, which is not too descriptive of its use. With a named ACL, this is not the case because you can name your ACL with a descriptive name. The ACL named DenyMike is a lot more meaningful than an ACL simply numbered 1. There are both IP standard and IP extended named ACLs.

Another advantage to named ACLs is that they allow you to remove individual lines out of an ACL. With numbered ACLs, you cannot delete individual statements. Instead, you will need to delete your existing access list and re-create the entire list.

Numbered Access List Ranges

Type                          Range
IP Standard                   1-99
IP Extended
IP Standard Expanded Range
IP Extended Expanded Range

Standard ACLs:

A standard IP ACL is simple; it filters based on source address only. You can filter a source network or a source host, but you cannot filter based on the destination of a packet, the particular protocol being used such as the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), or on the port number. You can permit or deny only source traffic.

Extended ACLs:

An extended ACL gives you much more power than just a standard ACL. Extended IP ACLs check both the source and destination packet addresses. They can also check for specific protocols, port numbers, and other parameters, which allow administrators more flexibility and control.

Configuration Guidelines

1) Order of statements is important: put the most restrictive statements at the top of the list and the least restrictive at the bottom.
2) ACL statements are processed top-down until a match is found, and then no more statements in the list are processed.
3) If no match is found in the ACL, the packet is dropped (implicit deny).
4) Each ACL needs either a unique number or a unique name.
5) The router cannot filter traffic that it, itself, originates.
6) You can have only one IP ACL applied to an interface in each direction (inbound and outbound); you can't have two or more inbound or outbound ACLs applied to the same interface. (Actually, you can have one ACL for each protocol, like IP and IPX, applied to an interface in each direction.)
7) Applying an empty ACL to an interface permits all traffic by default: in order for an ACL to have an implicit deny statement, you need at least one actual permit or deny statement.
8) Remember the numbers you can use for IP ACLs. Standard ACLs can use numbers ranging 1-99 and , and extended ACLs can use and

Wildcard mask is not a subnet mask. Like an IP address or a subnet mask, a wildcard mask is composed of 32 bits. When doing the conversion, subtract each byte in the subnet mask from 255 (Wildcard mask = subnet). There are two special types of wildcard masks: and A wildcard mask is called a host mask, and If you enter the router will convert the address and mask to the keyword any.

Placement of ACLs

In general, Standard ACLs should be placed as close to the destination devices as possible, and Extended ACLs should be placed as close to the source devices as possible.
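
The processing rules and wildcard masks described above, modelled as an added example (not part of the original lab): a small Python evaluator for standard and extended ACL entries that also flags entries made unreachable by an earlier, broader statement. The names (Entry, evaluate, shadowed) and the documentation-range addresses are constructed for illustration; only the eq port match of the extended syntax is modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ANY = "255.255.255.255"   # wildcard mask meaning "any address"
HOST = "0.0.0.0"          # wildcard mask meaning "exactly this host"


def ip_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_from_subnet(mask: str) -> str:
    """Subtract each byte of the subnet mask from 255."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))


@dataclass
class Entry:
    action: str                 # "permit" or "deny"
    src: str = "0.0.0.0"
    src_wc: str = ANY
    proto: str = "ip"           # "ip" matches every protocol
    dst: str = "0.0.0.0"        # standard entries leave dst as "any"
    dst_wc: str = ANY
    port: Optional[int] = None  # models "eq <port>" on the destination


def wc_match(addr: str, base: str, wc: str) -> bool:
    # A 0 bit in the wildcard mask means "this bit must match".
    care = ~ip_int(wc) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)


def entry_matches(e: Entry, src, dst, proto, dport) -> bool:
    if not wc_match(src, e.src, e.src_wc):
        return False
    if not wc_match(dst, e.dst, e.dst_wc):
        return False
    if e.proto != "ip" and e.proto != proto:
        return False
    return e.port is None or e.port == dport


def evaluate(acl: List[Entry], src, dst="0.0.0.0", proto="ip", dport=None) -> str:
    if not acl:
        return "permit"         # an empty ACL applied to an interface permits all
    for e in acl:               # top-down, first match wins
        if entry_matches(e, src, dst, proto, dport):
            return e.action
    return "deny"               # implicit deny at the end of every ACL


def _field_covers(a_base, a_wc, b_base, b_wc) -> bool:
    care_a = ~ip_int(a_wc) & 0xFFFFFFFF
    care_b = ~ip_int(b_wc) & 0xFFFFFFFF
    # a covers b if a only checks bits that b also checks, and they agree there
    return (care_a & ~care_b) == 0 and ((ip_int(a_base) ^ ip_int(b_base)) & care_a) == 0


def covers(a: Entry, b: Entry) -> bool:
    return (_field_covers(a.src, a.src_wc, b.src, b.src_wc)
            and _field_covers(a.dst, a.dst_wc, b.dst, b.dst_wc)
            and (a.proto == "ip" or a.proto == b.proto)
            and (a.port is None or a.port == b.port))


def shadowed(acl: List[Entry]) -> List[int]:
    """Indexes of entries that can never match because an earlier entry covers them."""
    return [i for i, later in enumerate(acl)
            if any(covers(earlier, later) for earlier in acl[:i])]


# Constructed sample ACLs (addresses are from documentation ranges).
DENY_HOST_FIRST = [Entry("deny", "192.0.2.10", HOST), Entry("permit")]
PERMIT_ANY_FIRST = [Entry("permit"), Entry("deny", "192.0.2.10", HOST)]
HTTP_ONLY = [
    Entry("permit", "198.51.100.0", "0.0.0.255", "tcp", "203.0.113.80", HOST, 80),
    Entry("deny"),              # deny ip any any
]

if __name__ == "__main__":
    print(wildcard_from_subnet("255.255.255.192"))
    print(evaluate(DENY_HOST_FIRST, "192.0.2.10"), evaluate(PERMIT_ANY_FIRST, "192.0.2.10"))
    print(shadowed(PERMIT_ANY_FIRST))
```

Running shadowed() over a planned ACL before applying it with ip access-group catches statement-order mistakes that would otherwise only show up as a ping that unexpectedly succeeds.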

Practice1 (Class Work):-

Scenario A:

You are the administrator of some company's network. The company has instructed you to control the access to different parts on the network according to some "administrational" rules, so you will use Standard ACLs to do that.

The topology shown in the figure needs routers and PCs to be configured as per the IP addresses listed in the table above. The passwords are cisco for user EXEC mode and class for privileged EXEC mode. Use show and ping commands to discover problems and troubleshoot the networks. Also, OSPF should be enabled on the routers with one area (area 0).

Now you are ready to use Packet Tracer to build your network and apply your lab network ACL schemes.

Task 1: Configure PCs and Routers

Use the table above to configure the PCs and routers with IP addresses, and activate OSPF routing on the routers. Make sure that routing is fully operational using the ping command.

Task 2: Preventing a Host (PC1) From Accessing a Specific Network ( )

In general, three basic steps are required to configure a Standard Access List:-

i. Use the access-list command to create an entry in a standard ACL:-
    access-list { } {permit | deny} [host] source-address [WildcardMask]
ii. Use the interface configuration command to select an interface to which to apply the ACL.
iii. Use the ip access-group command to activate the existing ACL on an interface:-
    ip access-group {ACL_number} {in | out}

Step 1. Since ( ) is connected to R2, we should add an ACL to prevent PC1 there.

    R2(config)#access-list 1 deny host
    R2(config)#access-list 1 permit any
    R2(config)#interface fa0/0
    R2(config-if)#ip access-group 1 out
    R2(config-if)#

Step 2. Try pinging PC9 or PC10 from PC1 and from PC2:-

    PC1 -> PC9?
    PC2 -> PC9?
    PC9 -> PC1?

Task 3: Preventing a Network ( ) from Accessing Another Network ( )

Step 1. Since ( ) is connected to R1, then the ACL should be added there.

    R1(config)#access-list 1 deny
    R1(config)#access-list 1 permit any
    R1(config)#interface fa0/0
    R1(config-if)#ip access-group 1 out

Step 2. Try pinging PC1 or PC2 from PC5 and from PC6:-

    PC5 -> PC1?
    PC6 -> PC2?
    PC1 -> PC6?
    PC1 -> PC5?

Task 4: Preventing IP Range ( ) From Accessing a Network ( )

Step 1. First we need to find the wildcard mask, which can be easily found (follow lecturer instructions). Now the new ACL should be applied on R3.

    R3(config)#access-list 1 deny
    R3(config)#access-list 1 permit any
    R3(config)#interface fa0/0
    R3(config-if)#ip access-group 1 out

Step 2. Try pinging PC1 or PC2 from PC5 and from PC6:-

    PC7 -> PC5?
    PC10 -> PC6?
    PC5 -> PC10?
    PC6 -> PC7?

Scenario B:

Now, the company asked you for more filtering in the network, so you have to use Extended ACLs to do that.

In general, the same three steps from standard ACL are applicable for Extended ACL, but with different access-list command syntax (also, the ACL range is between or ):-

    access-list access-list-number {permit | deny} protocol [host] source source-wildcard [[host] destination destination-wildcard] [established] [log] [eq port number]

Task 5: Preventing a Host (PC3) From Accessing Another Host (PC2)

Step 1. This time, the ACL should be at R1.

    R1(config)#access-list 101 deny ip host host
    R1(config)#access-list 101 permit ip any any
    R1(config)#interface fa0/1
    R1(config-if)#ip access-group 101 in
    R1(config)#

Step 2. Try pinging PC2 from PC3 and vice versa:-

    PC2 -> PC3?
    PC3 -> PC2?
    PC3 -> PC1?

Task 6: Allowing a Network ( ) Only to Access a Host (HTTP Server) Using HTTP

Step 1. Here, the ACL should be at R2, and we'll use the eq part of the syntax (HTTP port is TCP 80).

    R2(config)#access-list 101 permit tcp host eq 80
    R2(config)#access-list 101 deny ip any any
    R2(config)#interface fa0/1
    R2(config-if)#ip access-group 101 out

Step 2. Try opening ( ) in a web browser from PC5, PC6 and PC3:-

    PC5 -> ( )?
    PC6 -> ( )?
    PC3 -> ( )?

Task 7: Documentation

On each switch and the router, save the running configuration using the (copy running-config startup-config) command, then save your Packet Tracer file.

Practice2 (Homework):-

Network Topology:-

Devices: R1, R2, R3, R4

Device Interface IP Address Subnet Mask Gateway/Clock Rate
Fa 1/ Fa 1/ Se 0/ Se 0/ Se 0/ Fa 0/ Fa 0/ Se 0/0/ Se 0/0/ Fa 1/ Fa 1/ Se 0/ Se 0/ Se 0/ Fa 0/ Fa 0/ Se 0/0/ Se 0/0/

Device       Interface   IP Address   Subnet Mask   Gateway/Clock Rate
PC1          NIC
PC2          NIC
PC3          NIC
PC4          NIC
PC5          NIC
PC6          NIC
PC7          NIC
FTP SERVER   NIC
PC8          NIC
PC9          NIC
PC10         NIC
PC11         NIC
PC12         NIC
PC13         NIC
PC14         NIC
PC15         NIC

Scenario:

You have built a network for a company, which had the configurations shown above. Also note that all routers have (cisco) as a console password and (class) for the privilege mode.

Task 1: Configure OSPF Routing

You have to activate OSPF routing in all routers (Area 0 only).

Task 2: Prevent IP range ( ) From Accessing The Network ( /26)

You should use Standard ACL. Don't forget the rules!

Task 3: Allow IP range ( ) and The Host ( ) Only to Access The Network ( /26)

Again, you should use Standard ACL. Don't forget the rules!

Task 4: Prevent PC3 ( ) From Accessing PC13 ( )

It is time for Extended ACL! Again, don't forget the rules!

Task 5: Allow IP range ( ) Only to Access FTP Server ( ) through FTP

Here you have to use Extended ACL and wisely choose the right router to put it on. Also you should use the eq part of the access-list command (there are two ports used by FTP: TCP 20 and TCP 21, so you have to add two permit sentences).

Task 6: Use ping command to confirm that all ACLs are working properly.

Task 7: Documentation

Save the running configuration on each router, then save your Packet Tracer file. Please make sure that the completion percentage is 100% at this stage, else you have to go back and verify your network settings. Also, don't forget to save the file and rename it to be LAB6PracticalWork-XXXX, where XXXX represents your student number.
More informationChapter 4 Software-Based IP Access Control Lists (ACLs)
Chapter 4 Software-Based IP Access Control Lists (ACLs) This chapter describes software-based ACLs, which are ACLs that processed traffic in software or CPU. (This type of ACL was also referred to as flow-based
More informationLab 6.4.2: Challenge Inter-VLAN Routing
Lab 6.4.2: Challenge Inter-VLAN Routing Topology Diagram Addressing Table Device (Hostname) Interface IP Address Subnet Mask Default Gateway S1 VLAN 99 192.168.99.11 255.255.255.0 192.168.99.1 S2 VLAN
More informationExtended ACL Configuration Mode Commands
Extended ACL Configuration Mode Commands To create and modify extended access lists on a WAAS device for controlling access to interfaces or applications, use the ip access-list extended global configuration
More informationLab - Configuring a Site-to-Site VPN Using Cisco IOS and CCP
CCNA Security Lab - Configuring a Site-to-Site VPN Using Cisco IOS and CCP Topology Note: ISR G2 devices use GigabitEthernet interfaces instead of FastEthernet Interfaces. 2015 Cisco and/or its affiliates.
More informationLab Configure Cisco IOS Firewall CBAC
Lab 3.8.3 Configure Cisco IOS Firewall CBAC Objective Scenario Topology Estimated Time: 50 minutes Number of Team Members: Two teams with four students per team. In this lab, students will complete the
More informationThis document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and
This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNA Exploration:
More informationFirewall Simulation COMP620
Firewall Simulation COMP620 Firewall Simulation The simulation allows participants to configure their own simulated firewalls using Cisco-like syntax. Participants can take benign or malicious actions
More informationLab Configure Service Object Groups using ASDM
Lab 9.2.3 Configure Service Object Groups using ASDM Objective Scenario In this lab, the students will complete the following tasks: Configure an inbound access control list (ACL) with object groups. Configure
More informationLab b Simple DMZ Extended Access Lists
Lab 11.2.3b Simple DMZ Extended Access Lists Objective In this lab, the use of extended access lists to create a simple DeMilitarized Zone (DMZ) will be learned. 1-9 CCNA 2: Routers and Routing Basics
More informationConfiguring IP Session Filtering (Reflexive Access Lists)
Configuring IP Session Filtering (Reflexive Access Lists) This chapter describes how to configure reflexive access lists on your router. Reflexive access lists provide the ability to filter network traffic
More informationChapter 4: Manipulating Routing
: Manipulating Routing Updates CCNP ROUTE: Implementing IP Routing ROUTE v6 1 Objectives Describe network performance issues and ways to control routing updates and traffic (3). Describe the purpose of
More informationCCNA Semester 2 labs. Labs for chapters 2 10
CCNA Semester 2 labs Labs for chapters 2 10 2.2.2.5 Lab - Configuring IPv4 Static and Default Routes 2.3.2.4 Lab - Troubleshooting Static Routes 3.2.1.9 Lab - Configuring Basic RIPv2 5.2.2.9 Lab - Configuring
More informationGSS Administration and Troubleshooting
CHAPTER 9 GSS Administration and Troubleshooting This chapter covers the procedures necessary to properly manage and maintain your GSSM and GSS devices, including login security, software upgrades, GSSM
More informationTable of Contents. Cisco Configuring IP Access Lists
Table of Contents Configuring IP Access Lists...1 Introduction...1 Prerequisites...2 Requirements...2 Components Used...2 Conventions...2 ACL Concepts...2 Masks...2 ACL Summarization...3 Process ACLs...4
More informationLab Troubleshooting VTP Configuration
Lab 4.4.3 Troubleshooting VTP Configuration Topology Diagram Addressing Table Device (Hostname) Interface IP Address Subnet Mask S1 VLAN 99 172.17.99.11 255.255.255.0 S2 VLAN 99 172.17.99.12 255.255.255.0
More informationThis appendix contains job aids and supplements for the following topics: Extending IP Addressing Job Aids Supplement 1: Addressing Review Supplement
This appendix contains job aids and supplements for the following topics: Extending IP Addressing Job Aids Supplement 1: Addressing Review Supplement 2: IP Access Lists Supplement 3: OSPF Supplement 4:
More information