Your job is to examine the access lists to see whether they meet the stated goals. You are to make corrections to the configurations as needed. The trouble ticket for this is shown as follows. Investigate the access list configurations, make corrections or modifications to the network as necessary, and report your findings. Use access list 1 for standard and 101 for extended when numbering your access lists.

The objective of this exercise is to verify that the access lists provided on Routers R1, R2, R3, and R4 have been properly configured to meet the following stated goals.

Access list goals:

• Only HTML traffic can access the web server through the 192.168.2.2 interface on Router R2. The rest of the server subnet has no restrictions.

• Only the Finance department subnet (192.168.1.0) can access the financial database subnet.

• The Lobby Kiosk PC, connected to the Fa0/0 interface on Router R3, can only access the web server; the rest of the kiosk subnet (192.168.3.0) has no restrictions.



PC Assignments

PC1: Finance department

IP address: 192.168.1.2/24

Gateway: 192.168.1.1



PC2: Web server

IP address: 192.168.2.2/24

Gateway: 192.168.2.1



PC3: Lobby kiosk

IP address: 192.168.3.2/24

Gateway: 192.168.3.1



PC4: Financial database

IP address: 192.168.4.2/24

Gateway: 192.168.4.1



You can find the problems in this lab by examining the network configuration and looking for errors. The topology for t


Solutions

```
Router 1
Problem: Access list 1 not necessary.
Solution:
conf t
no access-list 1
int fa0/1
no ip access-group 1 out

Router 2
Problem: Access list does not permit HTTPS connections and fails to permit traffic for the rest of
the subnet.
Solution:
conf t
access-list 101 permit tcp any host 192.168.2.2 eq 80
access-list 101 permit tcp any host 192.168.2.2 eq 443
access-list 101 deny ip any host 192.168.2.2
access-list 101 permit ip any any

Router 3
Problem: Uses standard access list instead of extended.
Solution:
conf t
no access-list 1
int fa 0/1
no ip access-group 1 in
access-list 101 permit ip host 192.168.3.2 host 192.168.2.2
access-list 101 deny ip host 192.168.3.2 any
access-list 101 permit ip any any
int f0/1
ip access-group 101 in

Router 4
Problem: Access list wildcard mask incorrect and implemented in the wrong direction on the
interface.
Solution:
conf t
no access-list 101
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
int fa0/1
no ip access-group 101 in
ip access-group 101 out

Correct configuration
Router 1
R1# sh run
Building configuration...
Current configuration : 800 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/0/1
no ip address
shutdown
!
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0
log-adjacency-changes
!
!
!
ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
no login
!
scheduler allocate 20000 1000
!
end
R1#

Router R2
R2# sh run
Building configuration...
Current configuration : 800 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.10.2 255.255.255.0
ip access-group 101 in
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/0/1
no ip address
shutdown
!
router ospf 1
network 192.168.2.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0
log-adjacency-changes
!
!
!
ip http server
no ip http secure-server
!
!
!
access-list 101 permit tcp any host 192.168.2.2 eq www
access-list 101 permit tcp any host 192.168.2.2 eq 443
access-list 101 deny ip any host 192.168.2.2
access-list 101 permit ip any any
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
no login
!
scheduler allocate 20000 1000
!
end
R2#

Router R3
R3# sh run
Building configuration...
Current configuration : 800 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.10.3 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.3.1 255.255.255.0
ip access-group 101 in
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/0/1
no ip address
shutdown
!
router ospf 1
network 192.168.3.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0
log-adjacency-changes
!
!
!
ip http server
no ip http secure-server
!
!
!
access-list 101 permit ip host 192.168.3.2 host 192.168.2.2
access-list 101 deny ip host 192.168.3.2 any
access-list 101 permit ip any any
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
no login
!
scheduler allocate 20000 1000
!
end
R3#

Router R4
R4# sh run
Building configuration...
Current configuration : 800 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.10.4 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.4.1 255.255.255.0
ip access-group 101 out
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/0/1
no ip address
shutdown
!
router ospf 1
network 192.168.10.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 0
log-adjacency-changes
!
!
!
ip http server
no ip http secure-server
!
!
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
no login
!
scheduler allocate 20000 1000
!
end
R4#

Broken configuration
Router R1
R1# sh run
Building configuration...
Current configuration : 800 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip access-group 1 out
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/0/1
no ip address
shutdown
!
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0
log-adjacency-changes
!
!
!
ip http server
no ip http secure-server
!
!
!
access-list 1 deny any
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
no login
!
scheduler allocate 20000 1000
!
end
R1#

Router 2
R2# sh run
Building configuration...
Current configuration : 800 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.10.2 255.255.255.0
ip access-group 101 in
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/0/1
no ip address
shutdown
!
router ospf 1
network 192.168.10.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
log-adjacency-changes
!
!
!
ip http server
no ip http secure-server
!
!
!
access-list 101 permit tcp any host 192.168.2.2 eq www
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
no login
!
scheduler allocate 20000 1000
!
end
R2#

Router R3
R3# sh run
Building configuration...
Current configuration : 800 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.10.3 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.3.1 255.255.255.0
ip access-group 1 in
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/0/1
no ip address
shutdown
!
router ospf 1
network 192.168.3.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0
log-adjacency-changes
!
!
!
ip http server
no ip http secure-server
!
!
!
access-list 1 permit 192.168.2.2
access-list 1 deny 192.168.3.2
access-list 1 permit any
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
no login
!
scheduler allocate 20000 1000
!
end
R3#

Router R4
R4# sh run
Building configuration...
Current configuration : 800 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.10.4 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.4.1 255.255.255.0
ip access-group 101 in
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/0/1
no ip address
shutdown
!
router ospf 1
network 192.168.10.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 0
log-adjacency-changes
!
!
!
ip http server
no ip http secure-server
!
!
!
access-list 101 permit ip 192.168.0.0 0.0.255.255 192.168.4.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
no login
!
scheduler allocate 20000 1000
!
end
R4#
```
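
The Router 2 and Router 4 findings can be checked offline by evaluating the ACL entries the way IOS does: top-down, first match wins, wildcard-mask comparison, implicit deny at the end. The following is an added example, not part of the original lab; the function names are hypothetical, and it models list matching only, not the interface or direction the list is applied to.

```python
import ipaddress

PORT_NAMES = {"www": 80}                 # IOS shows TCP port 80 as "www"

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))

def parse_ace(line):
    tokens = line.split()[2:]            # drop "access-list 101"
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = _take_addr(tokens), _take_addr(tokens)
    port = None
    if tokens[:1] == ["eq"]:
        port = PORT_NAMES.get(tokens[1]) or int(tokens[1])
    return action, proto, src, dst, port

def _addr_ok(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF        # wildcard 0-bits must match
    return (_ip(addr) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, ace_proto, s, d, port in map(parse_ace, acl):
        if ace_proto not in ("ip", proto) or (port is not None and port != dport):
            continue
        if _addr_ok(src, s) and _addr_ok(dst, d):
            return action
    return "deny"

# ACL 101 entries copied from the page's broken and corrected configurations.
R2_BROKEN = ["access-list 101 permit tcp any host 192.168.2.2 eq www"]
R2_FIXED = R2_BROKEN + [
    "access-list 101 permit tcp any host 192.168.2.2 eq 443",
    "access-list 101 deny ip any host 192.168.2.2",
    "access-list 101 permit ip any any",
]
R4_BROKEN = ["access-list 101 permit ip 192.168.0.0 0.0.255.255 192.168.4.0 0.0.0.255"]
R4_FIXED = ["access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255"]
```

For instance, `evaluate(R4_BROKEN, "ip", "192.168.3.2", "192.168.4.2")` returns `"permit"` because the 0.0.255.255 wildcard admits the kiosk subnet, while the same call against `R4_FIXED` returns `"deny"`.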
