Posted by: Simple Learning
Category: Security
Prerequisites: CCNP level skills.
Topology
Task 1
On SW1 configure the following Loopback interfaces:
- Lo1: 182.17.77.7/24
- Lo2: 182.81.77.7/24
- Lo3: 190.17.73.7/24
- Lo4: 190.81.73.7/24
- Lo5: 190.81.77.7/24
- Lo6: 182.17.73.7/24
- Lo7: 182.81.73.7/24
- Lo8: 190.17.77.7/24
Task 2
Configure ACL packet filtering on R1 so that the source 10.0.5.0/24 (R5's Lo0) cannot have connectivity to the subnets configured in Task 1. Use only two ACL statements to accomplish the task.
Solution
Task 1
On SW1 configure the following Loopback interfaces:
- Lo1: 182.17.77.7/24
- Lo2: 182.81.77.7/24
- Lo3: 190.17.73.7/24
- Lo4: 190.81.73.7/24
- Lo5: 190.81.77.7/24
- Lo6: 182.17.73.7/24
- Lo7: 182.81.73.7/24
- Lo8: 190.17.77.7/24
SW1 Config:
!
int Lo1
ip address 182.17.77.7 255.255.255.0
!
int Lo2
ip address 182.81.77.7 255.255.255.0
!
int Lo3
ip address 190.17.73.7 255.255.255.0
!
int Lo4
ip address 190.81.73.7 255.255.255.0
!
int Lo5
ip address 190.81.77.7 255.255.255.0
!
int Lo6
ip address 182.17.73.7 255.255.255.0
!
int Lo7
ip address 182.81.73.7 255.255.255.0
!
int Lo8
ip address 190.17.77.7 255.255.255.0
!
router eigrp 1
network 10.0.7.7 0.0.0.0
network 172.16.27.7 0.0.0.0
network 182.0.0.0 0.255.255.255
network 190.0.0.0 0.255.255.255
no auto-summary
!
Task 2
Configure ACL packet filtering on R1 so that the source 10.0.5.0/24 (R5's Lo0) cannot have connectivity to the subnets configured in Task 1. Use only two ACL statements to accomplish the task.
Pic. 2 - Routing Table of R1 (loopbacks advertised).
R1 Config:
!
access-list 100 deny ip 10.0.5.0 0.0.0.255 182.17.73.0 8.64.4.255
access-list 100 permit ip any any
!
interface FastEthernet0/1
ip address 172.16.215.1 255.255.255.0
ip access-group 100 in
speed 100
full-duplex
!
Explanation:
Compare octets 1-3 of the eight subnets and find the bits that change between them; those bits, together with the whole fourth octet, form the wildcard mask.
Pic. 3 - Wildcard Mask.
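The bit comparison described in the explanation, as an added Python example (not part of the original lab): it derives the base address and wildcard mask from the Task 1 subnets and then lists any network the single entry would match beyond the intended ones. The function names are hypothetical, and the networks are assumed to be /24s with the host octet set to zero.

```python
import ipaddress
from itertools import product

# The eight /24 loopback subnets from Task 1 (values taken from the page).
SUBNETS = ["182.17.77.0", "182.81.77.0", "190.17.73.0", "190.81.73.0",
           "190.81.77.0", "182.17.73.0", "182.81.73.0", "190.17.77.0"]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def dotted(value):
    return str(ipaddress.IPv4Address(value))

def wildcard_for(networks, host_bits=8):
    """Return (base, wildcard) as ints for one ACL entry covering all networks."""
    values = [to_int(n) for n in networks]
    common, seen = values[0], 0
    for v in values:
        common &= v          # bits that are 1 in every network
        seen |= v            # bits that are 1 in at least one network
    wildcard = (common ^ seen) | ((1 << host_bits) - 1)  # varying bits + host part
    return common & ~wildcard & 0xFFFFFFFF, wildcard

def overmatched(networks, host_bits=8):
    """List networks the single entry matches that were NOT in the input."""
    base, wildcard = wildcard_for(networks, host_bits)
    free = [1 << i for i in range(host_bits, 32) if wildcard >> i & 1]
    matched = set()
    for combo in product((0, 1), repeat=len(free)):
        matched.add(base | sum(b for b, on in zip(free, combo) if on))
    extra = matched - {to_int(n) for n in networks}
    return [dotted(v) for v in sorted(extra)]

def acl_line(networks, number=100, source="10.0.5.0 0.0.0.255"):
    """Render the deny statement in the form used in the R1 config."""
    base, wildcard = wildcard_for(networks)
    return f"access-list {number} deny ip {source} {dotted(base)} {dotted(wildcard)}"

if __name__ == "__main__":
    print(acl_line(SUBNETS))
    print("over-matched:", overmatched(SUBNETS))
    # Constructed case: with one subnet missing the mask is unchanged,
    # so the entry would also deny a network that was never listed.
    print("over-matched:", overmatched(SUBNETS[:-1]))
```

Three varying bits give exactly 2^3 = 8 combinations, which is why one entry fits this lab with no over-match; with any other subnet count the same mask would also filter networks that were never listed.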