Di Posting Oleh : Simple Learning
Kategori : Security
Prerequisites: CCNP level skills.
NOTE!
Initial configuration for this lab can be downloaded here.
Topology
Pic 1. Topology Diagram.
Task 1
Enable HTTP service on R5 for testing purposes.
Task 2
On R5 configure ACL which is going to block HTTP traffic from Vlan 27 towards R5's loopback address (10.0.5.5). HTTP traffic from any source towards 172.16.215.5 destination should be allowed. All other traffic should be allowed as well.
Solution
R5 Config:
!
ip http server
!
Task 2
On R5 configure ACL which is going to block HTTP traffic from Vlan 27 towards R5's loopback address (10.0.5.5). HTTP traffic from any source towards 172.16.215.5 destination should be allowed. All other traffic should be allowed as well.
R5 Config:
!
access-list 100 deny tcp 172.16.27.0 0.0.0.255 host 10.0.5.5 eq www
access-list 100 permit ip any any!
interface FastEthernet0/1
ip address 172.16.215.5 255.255.255.0
ip access-group 100 in
speed 100
full-duplex
!
Verification:
Task 2
On R5 configure ACL which is going to block HTTP traffic from Vlan 27 towards R5's loopback address (10.0.5.5). HTTP traffic from any source towards 172.16.215.5 destination should be allowed. All other traffic should be allowed as well.
Solution
Task 1
Enable HTTP service on R5 for testing purposes.R5 Config:
!
ip http server
!
Task 2
On R5 configure ACL which is going to block HTTP traffic from Vlan 27 towards R5's loopback address (10.0.5.5). HTTP traffic from any source towards 172.16.215.5 destination should be allowed. All other traffic should be allowed as well.
R5 Config:
!
access-list 100 deny tcp 172.16.27.0 0.0.0.255 host 10.0.5.5 eq www
access-list 100 permit ip any any!
interface FastEthernet0/1
ip address 172.16.215.5 255.255.255.0
ip access-group 100 in
speed 100
full-duplex
!
Verification:
Pic. 2 - Telnet Test.
0 Response to "Lab 214 - Extended ACL"
Post a Comment