Di Posting Oleh : Simple Learning
Kategori : Security
Prerequisites: CCNP level skills.
NOTE!
Initial configuration for this lab can be downloaded here.
Topology
Pic 1. Topology Diagram.
Task 1
Task 2
Configure an extended ACL on R3 allowing all TCP traffic from EIGRP AS 1 reach 10.100.100.0/24 only if it was originated from EIGRP AS 1.
Solution
Task 1
On BB1 enable static routing towards 172.16.0.0 subnets using R3 as the gateway. Create Loopback0 address on BB2 with the address of 10.101.101.254/24. Ensure R3 is the gateway of last resort for EIGRP AS 1. You can use a static route to accomplish the task.BB1 Config:
!
interface Loopback0
ip address 10.101.101.254 255.255.255.0
!
ip route 172.16.0.0 255.255.0.0 203.0.113.3
!
R3 Config:
!
ip route 0.0.0.0 0.0.0.0 203.0.113.254
!
router eigrp 1
redistribute static metric 1 1 1 1 1
network 10.0.3.3 0.0.0.0
network 172.16.123.3 0.0.0.0
no auto-summary
!
Verification:
Pic. 2 - Ping/Traceroute Test.
Configure an extended ACL on R3 allowing all TCP traffic from EIGRP AS 1 reach 10.100.100.0/24 only if it was originated from EIGRP AS 1.
R3 Config:
!
access-list 100 permit tcp any 172.16.0.0 0.0.255.255 established
!
interface FastEthernet0/0
ip address 203.0.113.3 255.255.255.0
ip access-group 100 in
speed 100
full-duplex
!
Verification:
Pic. 3 - TCP Traffic Originated From EIGRP AS 1.
Pic. 4 - Traffic Originated Outside EIGRP AS 1.
0 Response to "Lab 215 - Extended ACL Established"
Post a Comment