Di Posting Oleh : Simple Learning
Kategori : Security
Prerequisites: CCNP level skills.
Topology
Pic 1. Topology Diagram.
Task 1
- Lo1: 150.1.20.5/24
- Lo2: 150.1.21.5/24
- Lo3: 150.1.22.5/24
- Lo4: 150.1.23.5/24
Task 2
For security reasons configure EIGRP update filtering on R2 so that it accepts the odd subnets configured on R5 in Task 1. Use standard ACL to match the interesting subnets. Use the fewest lines possible.
Solution
Task 1
On R5 configure loopback interfaces with the following addresses:- Lo1: 150.1.20.5/24
- Lo2: 150.1.21.5/24
- Lo3: 150.1.22.5/24
- Lo4: 150.1.23.5/24
R5 Config:
!
interface Loopback1
ip address 150.1.20.5 255.255.255.0
!
interface Loopback2
ip address 150.1.21.5 255.255.255.0
!
interface Loopback3
ip address 150.1.22.5 255.255.255.0
!
interface Loopback4
ip address 150.1.23.5 255.255.255.0
!
router eigrp 1
network 10.0.5.5 0.0.0.0
network 150.1.0.0
network 172.16.215.5 0.0.0.0
no auto-summary
!
Task 2
Task 2
For security reasons configure EIGRP update filtering on R2 so that it accepts the odd subnets configured on R5 in Task 1. Use standard ACL to match the interesting subnets. Use the fewest lines possible.
Pic. 2 - Routing Table on R2 Before Filtering.
!
access-list 5 deny 150.1.20.0 0.0.2.0
access-list 5 permit any
!
router eigrp 1
network 10.0.2.2 0.0.0.0
network 172.16.27.2 0.0.0.0
network 172.16.123.2 0.0.0.0
distribute-list 5 in Serial0/0
no auto-summary
!
Verification:
Pic. 3 - Routing Table on R2 After Filtering.
Explanation:
20 - 000101000
22 - 000101010
The highlighted bit is the only one that changes. It should be masked using 1 (ignore: value=2). All the remaining bits do not change, so they should be masked with 0 (check).
After verification, remove ACL configured in Task 2.
0 Response to "Lab 216 - ACL Matching Even Network Numbers"
Post a Comment