  • ACL Configuration Scenario Question?

    Based on the scenario, did I configure it correctly? I'm not sure if this is correct. See the configuration along with the network diagram.


    (1) Configure the router with an access-list that would only allow one of the 4 hosts
    to pass traffic on port 80 to the web server

    (2) All other traffic is allowed.

    (3) Use 3 lines or less


    Created the ACL:

    Router(config)# access-list 100 permit tcp host 192.168.1.2 host 192.168.2.2 eq www
    Router(config)# access-list 100 permit ip any any

    Apply ACL on Ethernet 0:

    Router(config-if)#ip access-group 100 in


  • #2
    Re: ACL Configuration Scenario Question?

    No.

    Try this:
    access-list 100 permit tcp host 192.168.1.2 host 192.168.2.2 eq www
    access-list 100 permit ip host 192.168.2.2 host 192.168.1.2

    On E1:
    ip access-group 100 in
    CCNA, Network+



    • #3
      Re: ACL Configuration Scenario Question?

      Daze,
      Can you explain why he should add the rule:
      access-list 100 permit ip host 192.168.2.2 host 192.168.1.2
      I think you have the same confusion about objective 2 as what I have

      @Tsignal,
      Can you explain a bit more what you mean with objective 2?

      (1) Configure the router with an access-list that would only allow one of the 4 hosts to pass traffic on port 80 to the web server

      With the line access-list 100 permit tcp host 192.168.1.2 host 192.168.2.2 eq www you will allow only host 192.168.1.2 to access the website running on 192.168.2.2
      If this is your goal, ok this is fine.

      (2) All other traffic is allowed.
      What other traffic? From where to where? If all other traffic from all hosts except 192.168.1.2, then you should place a deny first:
      eg:
      access-list 100 deny ip host 192.168.1.2 host 192.168.2.2
      Then add the line for example:
      access-list 100 permit ip 192.168.1.0 0.0.0.254 host 192.168.2.2

      If you place a deny first for the host address 192.168.1.2 then the line below (allow the whole subnet) will not be touched.

      (3) Use 3 lines or less
      Well, 3 lines is possible.
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"



      • #4
        Re: ACL Configuration Scenario Question?

        Originally posted by Dumber
        Daze,
        Can you explain why he should add the rule:
        access-list 100 permit ip host 192.168.2.2 host 192.168.1.2
        I think you have the same confusion about objective 2 as what I have
        I had to add it to allow traffic. For some reason Packet Tracer 5.0 would not allow traffic back. I will try with Dynamips later. (Another reason not to trust simulators.)

        I just tried with Packet Tracer 4.11 @ home and works fine with access-list below.

        Yes all you would need is:
        access-list 100 permit tcp host 192.168.1.2 host 192.168.2.2 eq www

        Then on E1:
        access-group 100 in
        CCNA, Network+
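As an added illustration of the first-match and implicit-deny rules that posts #3 and #4 rely on (this is not part of the thread and not anyone's posted router config), the following Python snippet simulates Cisco IOS extended numbered ACL evaluation and runs the three access lists quoted above against sample packets. It parses the `access-list` lines exactly as they appear in the thread. Only 192.168.1.2 and the web server 192.168.2.2 are named in the thread; the other three LAN hosts (192.168.1.3 to .5) and the `PORT_NAMES` table are constructed assumptions for the example.

```python
"""Minimal simulator of Cisco IOS extended numbered ACL semantics (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Small convenience table of IOS port keywords (assumption: only the common ones)
PORT_NAMES = {"www": 80, "http": 80, "ftp": 21, "telnet": 23, "smtp": 25, "domain": 53}


@dataclass(frozen=True)
class Packet:
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


def _addr_spec(tokens, i):
    """Parse one IOS address spec at tokens[i] -> ((base, wildcard), next index).
    A wildcard bit of 1 means 'don't care', so non-contiguous wildcard masks
    such as 0.0.0.254 are handled the way the router handles them."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return (int(ipaddress.ip_address(tokens[i + 1])), 0), i + 2
    base = int(ipaddress.ip_address(tokens[i]))
    wildcard = int(ipaddress.ip_address(tokens[i + 1]))
    return (base, wildcard), i + 2


def _port_spec(tokens, i):
    """Parse an optional 'eq <port>' at tokens[i]; other operators are not supported here."""
    if i < len(tokens) and tokens[i] == "eq":
        name = tokens[i + 1]
        return PORT_NAMES.get(name, None) if not name.isdigit() else int(name), i + 2
    return None, i


def parse_ace(line):
    """Parse 'access-list <n> permit|deny <proto> <src> [eq p] <dst> [eq p]'."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    action, proto = t[2], t[3]
    src, i = _addr_spec(t, 4)
    sport, i = _port_spec(t, i)      # parsed for completeness; sample packets carry no source port
    dst, i = _addr_spec(t, i)
    dport, i = _port_spec(t, i)
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "sport": sport, "dport": dport}


def _addr_matches(spec, ip):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF          # bits that must be identical
    return (int(ipaddress.ip_address(ip)) & care) == (base & care)


def _ace_matches(ace, pkt):
    if ace["proto"] != "ip" and ace["proto"] != pkt.proto:
        return False
    if not (_addr_matches(ace["src"], pkt.src) and _addr_matches(ace["dst"], pkt.dst)):
        return False
    return ace["dport"] is None or ace["dport"] == pkt.dport


def evaluate(acl_lines, pkt):
    """First matching entry wins; every IOS ACL ends with an implicit 'deny ip any any'."""
    for line in acl_lines:
        ace = parse_ace(line)
        if _ace_matches(ace, pkt):
            return ace["action"]
    return "deny"


# The three access lists as they appear in the thread
ORIGINAL = [                      # post #1
    "access-list 100 permit tcp host 192.168.1.2 host 192.168.2.2 eq www",
    "access-list 100 permit ip any any",
]
DENY_FIRST = [                    # post #3, wildcard exactly as posted
    "access-list 100 deny ip host 192.168.1.2 host 192.168.2.2",
    "access-list 100 permit ip 192.168.1.0 0.0.0.254 host 192.168.2.2",
]
SINGLE_LINE = [                   # post #4
    "access-list 100 permit tcp host 192.168.1.2 host 192.168.2.2 eq www",
]

WEB_SERVER = "192.168.2.2"
# Constructed sample: only 192.168.1.2 is named in the thread, the other three are assumed
LAN_HOSTS = ["192.168.1.2", "192.168.1.3", "192.168.1.4", "192.168.1.5"]


def hosts_reaching_web(acl_lines):
    """Return the LAN hosts the ACL lets reach the web server on TCP/80."""
    return [h for h in LAN_HOSTS
            if evaluate(acl_lines, Packet("tcp", h, WEB_SERVER, 80)) == "permit"]


if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("deny-first", DENY_FIRST), ("single-line", SINGLE_LINE)):
        ssh = evaluate(acl, Packet("tcp", "192.168.1.2", WEB_SERVER, 22))
        print(f"{name:12s} port 80 from {hosts_reaching_web(acl)}; tcp/22 from 192.168.1.2: {ssh}")
```

Running it shows why the thread converges on the one-line answer: with `permit ip any any` as the second line, all four hosts reach port 80, so objective 1 is not met; with the single `permit tcp` line, only 192.168.1.2 gets through and everything else, including non-HTTP traffic from that same host, falls to the implicit deny. For the deny-first list, the wildcard `0.0.0.254` exactly as posted leaves the low bit of the last octet as a "must match" bit, so only even-numbered hosts (here 192.168.1.4) match the permit line.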
