Di Posting Oleh : Simple Learning
Kategori : Security
Prerequisites: CCNP level skills.
NOTE!
Initial configuration for this lab can be downloaded here.
Topology
On BB1 enable static routing towards 172.16.0.0 subnets using R3 as the gateway. Create Loopback0 address on BB2 with the address of 10.101.101.254/24. Ensure R3 is the gateway of last resort for EIGRP AS 1. You can use a static route to accomplish the task.
Task 2
Configure an extended ACL on R3 allowing all TCP traffic from EIGRP AS 1 reach 10.100.100.0/24 only if it was originated from EIGRP AS 1.
Solution
Task 1
On BB1 enable static routing towards 172.16.0.0 subnets using R3 as the gateway. Create Loopback0 address on BB2 with the address of 10.101.101.254/24. Ensure R3 is the gateway of last resort for EIGRP AS 1. You can use a static route to accomplish the task.BB1 Config:
!
interface Loopback0
ip address 10.101.101.254 255.255.255.0
!
ip route 172.16.0.0 255.255.0.0 203.0.113.3
!
R3 Config:
!
ip route 0.0.0.0 0.0.0.0 203.0.113.254
!
router eigrp 1
redistribute static metric 1 1 1 1 1
network 10.0.3.3 0.0.0.0
network 172.16.123.3 0.0.0.0
no auto-summary
!
Verification:
Pic. 2 - Ping/Traceroute Test.
Configure an extended ACL on R3 allowing all TCP traffic from EIGRP AS 1 reach 10.100.100.0/24 only if it was originated from EIGRP AS 1.
R3 Config:
!
access-list 100 permit tcp any 172.16.0.0 0.0.255.255 established
!
interface FastEthernet0/0
ip address 203.0.113.3 255.255.255.0
ip access-group 100 in
speed 100
full-duplex
!
Verification:
Pic. 3 - TCP Traffic Originated From EIGRP AS 1.
Pic. 4 - Traffic Originated Outside EIGRP AS 1.
0 Response to "Lab 215 - Extended ACL Established"
Post a Comment