CCNA (Stand-Alone) Lab 29: Extended Access Lists

Introduction:
Objective: Gain experience configuring extended access lists.
Lab Equipment: Router 1, Router 2, and Router 4 from the eRouters menu
Background Reading: Lab Primer Lesson 10: Access Lists

1. If you have just completed Lab 28: Verifying Standard Access Lists, then all you need to do is execute the no ip access-group 1 in command on the Ethernet 0 interface of Router2, and then start this lab at step 10.
Router2>enable
Router2#conf t
Router2(config)#interface ethernet0
Router2(config-if)#no ip access-group 1 in
Note: If you have not completed Lab 28: Verifying Standard Access Lists and you feel confident about configuring IP addresses and RIP, establish the configuration in the table below and then continue with step 10.

2. Connect to Router 1, assign it a host name of Router1, and set the IP address on the Ethernet 0 interface to 24.17.2.1 255.255.255.240. Set the IP address on the serial 0 interface to 24.17.2.17 255.255.255.240. Remember to enable both interfaces.
Router>enable
Router#conf t
Router(config)#hostname Router1
Router1(config)#interface ethernet0
Router1(config-if)#ip address 24.17.2.1 255.255.255.240
Router1(config-if)#no shutdown
Router1(config-if)#exit
Router1(config)#interface serial0
Router1(config-if)#ip address 24.17.2.17 255.255.255.240
Router1(config-if)#no shutdown
Router1(config-if)#exit
Router1(config)#exit

3. Connect to Router 2, assign it a host name of Router2, and set the IP address on the Ethernet 0 interface to 24.17.2.2 255.255.255.240. Remember to enable the interface.
Router>enable
Router#config t
Router(config)#hostname Router2
Router2(config)#interface ethernet0
Router2(config-if)#ip address 24.17.2.2 255.255.255.240
Router2(config-if)#no shutdown
Router2(config-if)#exit
Router2(config)#exit

4. Ping Router1’s Ethernet 0 interface to ensure that a connection exists.
Router2#ping 24.17.2.1

5. Connect to Router 4, assign it a host name of Router4, and set the IP address on the serial 0 interface to 24.17.2.18 255.255.255.240. Then ping Router1’s serial 0 interface.
Router>enable
Router#conf t
Router(config)#hostname Router4
Router4(config)#interface serial0
Router4(config-if)#ip address 24.17.2.18 255.255.255.240
Router4(config-if)#no shutdown
Router4(config-if)#exit
Router4(config)#exit
Router4#ping 24.17.2.17

6. Now you need to implement a routing protocol to facilitate communication between Router2 and Router4. Enable Routing Information Protocol (RIP) on Router1, and add the network for Ethernet 0 and serial 0.
Router1#config t
Router1(config)#router rip
Router1(config-router)#network 24.0.0.0
Router1(config-router)#exit
Router1(config)#exit

7. On Router2, enable RIP and add the network for Ethernet 0.
Router2#conf t
Router2(config)#router rip
Router2(config-router)#network 24.0.0.0
Router2(config-router)#exit
Router2(config)#exit

8. On Router4, enable RIP and add the network for serial 0.
Router4#conf t
Router4(config)#router rip
Router4(config-router)#network 24.0.0.0
Router4(config-router)#exit
Router4(config)#exit

9. Verify that you can ping Router2’s Ethernet 0 interface from Router4.
Router4#ping 24.17.2.2

10. The extended access lists you create should accomplish two things. First, allow only Telnet traffic from the subnet off Router1’s serial 0 interface to come into Router1. Next, allow any traffic from Router1’s Ethernet 0 subnet to travel anywhere. Connect to Router1, and enter global configuration mode.
Router1#conf t
Router1(config)#

11. To allow only Telnet traffic from the 24.17.2.16 subnet, create access list 101. Use the log keyword to display output to the router every time this line on the access list is invoked.
Router1(config)#access-list 101 permit tcp 24.17.2.16 0.0.0.15 any eq telnet log

12. To permit all traffic from the 24.17.2.0 subnet, create access list 102, and use the log keyword.
Router1(config)#access-list 102 permit ip 24.17.2.0 0.0.0.15 any log

13. Now, apply these access lists to the interfaces. First, enter interface configuration mode for the serial 0 interface of Router1, and apply access list 101 inbound.
Router1(config)#interface serial0
Router1(config-if)#ip access-group 101 in
Router1(config-if)#exit

14. For Ethernet 0 on Router1, apply access list 102 inbound.
Router1(config)#interface ethernet0
Router1(config-if)#ip access-group 102 in
Router1(config-if)#exit

Note: To make sure the access lists are configured correctly, continue on to Lab 30: Verify Extended Access Lists without accessing the Lab Navigator.
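
The matching logic behind access lists 101 and 102, as an added Python example that is not part of the original lab: it models wildcard-mask comparison, first-match evaluation and the implicit deny that ends every IOS access list, then runs constructed sample packets through both lists. The function names and the sample packets are assumptions made for illustration.

```python
import ipaddress

TELNET = 23  # the IOS keyword "telnet" means TCP port 23

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard logic: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# Entries from steps 11 and 12 (destination is "any" in both):
# (action, protocol, source, wildcard, destination port or None)
ACL_101 = [("permit", "tcp", "24.17.2.16", "0.0.0.15", TELNET)]
ACL_102 = [("permit", "ip", "24.17.2.0", "0.0.0.15", None)]

def evaluate(acl, proto, src, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, a_proto, base, wildcard, a_port in acl:
        if a_proto != "ip" and a_proto != proto:
            continue  # "ip" matches every IP protocol
        if not wildcard_match(src, base, wildcard):
            continue
        if a_port is not None and dport != a_port:
            continue
        return action
    return "deny"  # every IOS access list ends with an implicit deny

# Constructed sample packets: (label, list, protocol, source, destination port)
SAMPLES = [
    ("telnet from Router4", ACL_101, "tcp", "24.17.2.18", 23),
    ("ping from Router4", ACL_101, "icmp", "24.17.2.18", None),
    ("RIP update from Router4", ACL_101, "udp", "24.17.2.18", 520),
    ("telnet from outside the subnet", ACL_101, "tcp", "24.17.2.33", 23),
    ("ping from Router2", ACL_102, "icmp", "24.17.2.2", None),
    ("serial-subnet source on list 102", ACL_102, "tcp", "24.17.2.18", 23),
]

def run_samples():
    """Evaluate every constructed packet and return {label: action}."""
    return {label: evaluate(acl, proto, src, dport)
            for label, acl, proto, src, dport in SAMPLES}

if __name__ == "__main__":
    for label, action in run_samples().items():
        print(f"{label:35s} {action}")
```

On serial 0, only the Telnet packet is permitted; the ping and the RIP update from Router4 match no entry in list 101 and fall through to the implicit deny.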

This article is reposted from redking's 51CTO blog. Original link: http://blog.51cto.com/redking/74769. To republish, please contact the original author.