Đang tải... (xem toàn văn)
Quản trị mạng Lab 9-ACL
CCNA LAB No. 9: ACCESS LIST CONFIGURATION Lab time: 1 session Students are recommended to read the entire lab requirement before starting. The TIP session should only be used for troubleshooting. For any problem concerns hardware or losing connectivity, please contact instructor.Topology: Caution: Disable any ACL on an interface before applying any new ACL to it. Task 11. Access the Routers through Access Server.2. Configure the IP addresses on the Ethernet interfaces of routers to be the same subnet with PCs in the lab. RouterX(config)#int e0 RouterX(config-if)#ip address 10.2.0.16X 255.255.255.0 RouterX(config-if)#no shut3. Be sure that the connections between the routers are good and Ping from host to routers’ Ethernet interface is successful.4. Configure telnet access directly to the Ethernet interface of router RouterX(config)#line vty 0 4 RouterX(config-line)#password cisco RouterX(config-line)#login Task 2 1. Use Standard ACL to deny all traffic from a subnet of the host RouterX(config)#access-list 1 deny 10.2.0.0 0.0.0.255 RouterX(config)#access-list 1 permit any2. Use Extended ACL to deny ICMP packets in Ping application but still permit telnet packets RouterX(config)#access-list 100 deny icmp 10.2.0.0 0.0.0.255 host 10.2.0.16X RouterX(config)#access-list 100 permit ip 10.2.0.0 0.0.0.255 10.2.0.16X 0.0.0.0 equal 23 3. Enable web service on router. Use Extended ACL to deny web sessions from the PC to router. RouterX(config)#ip http server RouterX(config)#access-list 100 deny ip 10.2.0.0 0.0.0.255 host 10.2.0.16X equal 80 Evaluates inbound connections to the HTTP server against a standard access list RouterX(config)#ip http access-class <access-list>4. Use access-class to deny telnet sessions in routers RouterX(config)#line vty 0 4 RouterX(config-line)#access-class 100 inBonus Tasks:1. Deny icmp traffic, deny telnet traffic and permit only http traffic to your router2. Try to see whether your PC IP address is odd or even 3. Permit all the odd (or even) IP addresses similar to your PC and deny all the even (or odd) IP addresses of the remaining devices.End of lab 9 . CCNA LAB No. 9: ACCESS LIST CONFIGURATION Lab time: 1 session Students are recommended to read the entire lab requirement. on the Ethernet interfaces of routers to be the same subnet with PCs in the lab. RouterX(config)#int e0 RouterX(config-if)#ip