Difference between revisions of "Exercise Access Control List"
Latest revision as of 09:58, 26 August 2008
Exercise
The following network is given (diagram: Übungsbeispiel ACL.JPG):
- Each device from the network 192.168.1.0/24 should have access to the two computers in the network 192.168.3.0/24.
- Each device from the network 192.168.2.0/24 should have access to the two computers in the network 192.168.3.0/24, except device 192.168.2.2.
- From the network 192.168.5.0/24, only the device 192.168.5.1 should have access to the two PCs in the network 192.168.3.0/24.
- Convert the standard access list into an extended access list.
- Extend the extended access list so that all the above access rights remain but access to PC1 is prohibited in general.
Solution:
- Each device from the network 192.168.1.0/24 should have access to the two computers in the network 192.168.3.0/24.
access-list 1 permit 192.168.1.0 0.0.0.255
- Each device from the network 192.168.2.0/24 should have access to the two computers in the network 192.168.3.0/24, except device 192.168.2.2.
access-list 1 deny 192.168.2.2
access-list 1 permit 192.168.2.0 0.0.0.255
The host entry must come before the network entry: an ACL is evaluated top-down and the first matching entry decides, so a permit for 192.168.2.0/24 placed first would also admit 192.168.2.2.
- From the network 192.168.5.0/24, only the device 192.168.5.1 should have access to the two PCs in the network 192.168.3.0/24.
access-list 1 permit 192.168.5.1
access-list 1 deny 192.168.5.0 0.0.0.255
Every ACL ends with an implicit deny of all IP addresses, so this last line is superfluous (the implicit default corresponds to: access-list 1 deny 0.0.0.0 255.255.255.255).
Router(config)#int fa1/0
Router(config-if)#ip access-group 1 OUT
- Convert the standard access list into an extended access list.
access-list 101 permit ip 192.168.1.0 0.0.0.255 0.0.0.0 255.255.255.255
access-list 101 permit ip host 192.168.5.1 0.0.0.0 255.255.255.255
access-list 101 deny ip 192.168.5.0 0.0.0.255 0.0.0.0 255.255.255.255
access-list 101 deny ip host 192.168.2.2 0.0.0.0 255.255.255.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 0.0.0.0 255.255.255.255
Instead of the syntax 0.0.0.0 255.255.255.255, the keyword any can also be used.
To make no distinction between the protocols, use the keyword ip: ip stands for "any protocol" (it matches every IP protocol).
- Extend the extended access list so that all the above access rights remain but access to PC1 (192.168.3.102) is prohibited in general.
access-list 101 deny ip any host 192.168.3.102
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip host 192.168.5.1 any
access-list 101 deny ip 192.168.5.0 0.0.0.255 any
access-list 101 deny ip host 192.168.2.2 any
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
An extended entry always needs the protocol keyword and the keyword host for a single address, so the PC1 line reads deny ip any host 192.168.3.102. It must also be the first line: because the first matching entry decides, placing it after the permit entries would leave PC1 reachable from the permitted networks.
Router(config)#int fa1/0
Router(config-if)#ip access-group 101 out
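To check the two access lists without a router, here is an added example (not part of the wiki page) that re-implements the IOS matching rules the solution relies on: wildcard masks, top-down first-match evaluation and the implicit deny at the end. It parses the exercise's own ACL 1 and ACL 101 lines; the evaluate() function and its packet arguments are this example's own names.

```python
import ipaddress

def _addr_spec(tokens, i):
    """Consume one address spec at tokens[i]: 'any', 'host A', or 'A WILDCARD'
    (a bare address in a standard ACL means wildcard 0.0.0.0, i.e. one host).
    Returns ((network, care_mask), index_of_next_token)."""
    t = tokens[i]
    if t == "any":
        return (0, 0), i + 1
    if t == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0xFFFFFFFF), i + 2
    addr, wildcard = int(ipaddress.IPv4Address(t)), 0
    if i + 1 < len(tokens) and tokens[i + 1][0].isdigit():
        wildcard, i = int(ipaddress.IPv4Address(tokens[i + 1])), i + 1
    care = 0xFFFFFFFF ^ wildcard  # a 1 bit in the wildcard means "don't care"
    return (addr & care, care), i + 1

def parse_ace(line):
    """Parse 'access-list N permit|deny ...' into (action, proto, src, dst).
    Numbers 1-99 are standard (source only), 100-199 extended (proto, src, dst)."""
    tokens = line.split()
    number, action = int(tokens[1]), tokens[2]
    if number < 100:
        return action, "ip", _addr_spec(tokens, 3)[0], (0, 0)
    src, i = _addr_spec(tokens, 4)
    return action, tokens[3], src, _addr_spec(tokens, i)[0]

def evaluate(acl_lines, src, dst, proto="ip"):
    """Top-down, first match wins; no match hits the implicit 'deny any' at the end."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for action, rproto, (snet, smask), (dnet, dmask) in map(parse_ace, acl_lines):
        if rproto in ("ip", proto) and (s & smask) == snet and (d & dmask) == dnet:
            return action
    return "deny"

# The exercise's standard ACL 1 and extended ACL 101 (PC1 = 192.168.3.102 denied first).
ACL_1 = """access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 deny 192.168.2.2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.5.1
access-list 1 deny 192.168.5.0 0.0.0.255""".splitlines()

ACL_101 = """access-list 101 deny ip any host 192.168.3.102
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip host 192.168.5.1 any
access-list 101 deny ip 192.168.5.0 0.0.0.255 any
access-list 101 deny ip host 192.168.2.2 any
access-list 101 permit ip 192.168.2.0 0.0.0.255 any""".splitlines()
```

For example, evaluate(ACL_1, "192.168.2.2", "192.168.3.101") returns "deny" while evaluate(ACL_1[:-1], "192.168.5.7", "192.168.3.101") also returns "deny", which shows the last line of ACL 1 is covered by the implicit deny; moving the PC1 entry of ACL 101 to the end would let 192.168.1.10 reach 192.168.3.102.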