lab 213 - Standard ACL

lab 213 - Standard ACL
Di Posting Oleh : Simple Learning
Kategori : Security

Prerequisites: CCNP level skills.

NOTE!
Initial configuration for this lab can be downloaded here.

Topology

Pic 1. Topology Diagram.

Task 1
Enable EIGRP AS 1 in Vlan 27, Vlan 215, and on frame-relay connections between R1, R2 and R3 (as per topology diagram). Advertise loopbacks of R1, R2, R3, R5, SW1 and SW2 into EIGRP AS 1. Ensure connectivity between all those loopback addresses.

Task 2
Using standard ACL filter out the traffic from Vlan 27 destined for R1's Loopback0 interface (10.0.1.1/24) and all the destinations behind R1.

Task 3
Upon successful completion of the Task 2, remove ACL from the router.

Solution

Task 1
Enable EIGRP AS 1 in Vlan 27, Vlan 215, and on frame-relay connections between R1, R2 and R3 (as per topology diagram). Advertise loopbacks of R1, R2, R3, R5, SW1 and SW2 into EIGRP AS 1. Ensure connectivity between all those loopback addresses.

R1 Config:
!
router eigrp 1
 network 10.0.1.1 0.0.0.0
 network 172.16.123.1 0.0.0.0
 network 172.16.215.1 0.0.0.0
 no auto-summary

!


R2 Config:
!
interface Serial0/0
 ip address 172.16.123.2 255.255.255.0
 encapsulation frame-relay
 no ip split-horizon eigrp 1
 clock rate 2000000
 frame-relay map ip 172.16.123.1 201 broadcast
 frame-relay map ip 172.16.123.2 201
 frame-relay map ip 172.16.123.3 203 broadcast
 no frame-relay inverse-arp
!

router eigrp 1
 network 10.0.2.2 0.0.0.0
 network 172.16.27.2 0.0.0.0
 network 172.16.123.2 0.0.0.0
 no auto-summary

!


R3 Config:
!
router eigrp 1
 network 10.0.3.3 0.0.0.0
 network 172.16.123.3 0.0.0.0
 no auto-summary

!


R5 Config:
!
router eigrp 1
 network 10.0.5.5 0.0.0.0
 network 172.16.215.5 0.0.0.0
 no auto-summary

!


SW1 Config:
! the below command required when you use a real L3 switch not dynamips
ip routing
!
router eigrp 1
 network 10.0.7.7 0.0.0.0
 network 172.16.27.7 0.0.0.0
 no auto-summary

!


SW2 Config:
! the below command required when you use a real L3 switch not dynamips
ip routing
!
router eigrp 1
 network 10.0.8.8 0.0.0.0
 network 172.16.215.8 0.0.0.0
 no auto-summary

!

Verification:
Using tcl script on R2 (tclsh = enters the shell, tclquit = leaves the shell):

foreach address {
10.0.1.1
10.0.2.2
10.0.3.3
10.0.5.5
10.0.7.7
10.0.8.8
} { ping $address }



Pic. 2 - Ping Test.

Task 2
Using standard ACL filter out the traffic from Vlan 27 destined for R1's Loopback0 interface (10.0.1.1/24) and all destinations behind R1

R1 Config:
!
access-list 1 deny   172.16.27.0 0.0.0.255
access-list 1 permit any

!
interface Serial0/0
 ip address 172.16.123.1 255.255.255.0
 ip access-group 1 in
 encapsulation frame-relay
 clock rate 2000000
 frame-relay map ip 172.16.123.2 102 broadcast
 no frame-relay inverse-arp
!


Verification:
Pic. 3 - Ping Test.
Note!
Ping sourced off of Vlan 27 fails, but sourced off of SW1's loopback (not 172.16.27.0) the ping test succeeds.


Task 3
Upon successful completion of the Task 2, remove ACL from the router.

R1 Config:
!
no access-list 1
!
int s0/0
 no ip access-group 1 in
!

0 Response to "lab 213 - Standard ACL"

Post a Comment