macadam
Joined: 23 Nov 2006 Posts: 7
|
Posted: Mon Feb 12, 2007 9:15 pm Post subject: ACL help |
|
|
The company has a server pool in the 209.0.0.0/24 network. The server pool addresses are divided in half. The servers in the upper half of the address range are reachable only by management hosts using all possible IP protocols. The servers in the upper half of the address range are not reachable by production hosts using all IP protocols. The servers in the lower half of the address range are reachable by all LAN hosts using all possible IP protocols. The servers should not be accessible by any other hosts.
LAN
production host range 192.168.20.25 to 192.168.20.27
management hosts range 192.168.20.28 to 192.168.20.29
subnet mask 255.255.255.248
default gateway 192.168.20.30
WAN
192.168.3.0/24
these security requirements should be accomplished with a single access list. |
|
 |
|
|
john2007
Joined: 21 Jan 2007 Posts: 25
|
Posted: Wed Feb 14, 2007 12:34 am Post subject: Re: ACL help |
|
|
I hope this will help u!
1/ The servers in the upper half of the address range are reachable only by management hosts using all possible IP protocols. The servers in the upper half of the address range are not reachable by production hosts using all IP protocols.
Answer:
access-list 100 deny ip 192.168.20.0 0.0.0.7 209.0.0.128 0.0.0.127
2/ The servers in the lower half of the address range are reachable by all LAN hosts using all possible IP protocols.
Answer:
access-list 100 permit ip 192.168.20.0 0.0.0.15 209.0.0.0 0.0.0.255
3/ The servers should not be accessible by any other hosts.
Answer:
access-list 100 deny ip any 209.0.0.0 0.0.0.255
And finally, you have to apply the ACLs to an interface, for instance:
interface e0
ip access-group 100 in
I choose access-list 100 extended ACL <100-199>, because it supports the subnetting. Not the standard <1-99>.
That's it mate!
If u have news on CCNA3,4 final exam or Skills based assessment answers, do not hesitate to contact me: jgnaba@gmail.com
Best of luck to you!!! |
|
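Added example, not part of the thread: a small first-match evaluator for extended ACL statements with wildcard masks, used to check a candidate list against the requirement matrix from the first post. `POSTED` is the list from the reply above; `ALTERNATIVE`, the WAN host 192.168.3.10 and the server addresses 209.0.0.10 and 209.0.0.200 are constructed here for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse(acl_text):
    # Accepts 'access-list N permit|deny ip SRC WILD DST WILD'; 'any' is allowed.
    rules = []
    for line in acl_text.strip().splitlines():
        action, _proto, *rest = line.split()[2:]   # skip 'access-list N'
        ends = []
        while rest:
            if rest[0] == "any":
                ends.append((0, 0xFFFFFFFF)); rest = rest[1:]
            else:
                ends.append((ip(rest[0]), ip(rest[1]))); rest = rest[2:]
        rules.append((action, ends[0], ends[1]))
    return rules

def matches(addr, end):
    base, wild = end
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the base.
    return ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(rules, src, dst):
    for action, s, d in rules:            # first matching statement wins
        if matches(ip(src), s) and matches(ip(dst), d):
            return action
    return "deny"                         # implicit deny ends every ACL

# Requirement matrix from the first post (sample addresses are constructed).
EXPECTED = {
    ("192.168.20.25", "209.0.0.10"): "permit",   # production -> lower half
    ("192.168.20.25", "209.0.0.200"): "deny",    # production -> upper half
    ("192.168.20.28", "209.0.0.10"): "permit",   # management -> lower half
    ("192.168.20.28", "209.0.0.200"): "permit",  # management -> upper half
    ("192.168.3.10", "209.0.0.10"): "deny",      # WAN host -> lower half
    ("192.168.3.10", "209.0.0.200"): "deny",     # WAN host -> upper half
}

def mismatches(acl_text):
    rules = parse(acl_text)
    return sorted(k for k, want in EXPECTED.items() if evaluate(rules, *k) != want)

POSTED = """access-list 100 deny ip 192.168.20.0 0.0.0.7 209.0.0.128 0.0.0.127
access-list 100 permit ip 192.168.20.0 0.0.0.15 209.0.0.0 0.0.0.255
access-list 100 deny ip any 209.0.0.0 0.0.0.255"""
# Constructed alternative: the LAN is 192.168.20.24/29, management is .28-.29.
ALTERNATIVE = """access-list 100 permit ip 192.168.20.28 0.0.0.1 209.0.0.128 0.0.0.127
access-list 100 permit ip 192.168.20.24 0.0.0.7 209.0.0.0 0.0.0.127
access-list 100 deny ip any 209.0.0.0 0.0.0.255"""
```

`mismatches(POSTED)` and `mismatches(ALTERNATIVE)` return the (source, destination) pairs whose first-match result differs from the requirement matrix; an empty list means the candidate satisfies every row.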
 |
macadam
Joined: 23 Nov 2006 Posts: 7
|
Posted: Wed Feb 14, 2007 5:53 pm Post subject: Re: ACL help |
|
|
these security requirements should be accomplished with a single access list.
I think it should be a single access list instead of four!
Maybe I translate this phrase wrong? |
|
 |
john2007
Joined: 21 Jan 2007 Posts: 25
|
Posted: Thu Feb 15, 2007 12:14 am Post subject: Re: ACL help |
|
|
Do you know what single access-list really means?
For the exercise you've given me, the ACL is extended and the number I've chosen is between 100 and 199. I kept using the "100" till the end of all the statements. It is when u change the number that you're doing multiple ACLs!
The points I have just explained on the above exercise are called statements and have nothing to do with single access-list or multiple.
Therefore there are 4 statements in this single access-list 100.
Check it out, mate!
//J |
|
 |
macadam
Joined: 23 Nov 2006 Posts: 7
|
Posted: Sun Feb 18, 2007 12:59 am Post subject: Re: ACL help |
|
|
| thanks a lot!!! |
|
 |
|