Network and Internet Security
Asst. Prof. Dr. Noor Ghazi
3rd Stage – Semester 6

Lab 6
Configuring Access Control Lists (ACLs) in Cisco Routers

Examples to configure Standard ACLs in Cisco Router

Note: The topologies in this lecture are configured with the IP addresses and a suitable routing protocol.

Standard Access Control List

Example (1)

Use the following topology in figure (1) to achieve the following objectives:

- Block the host (192.168.1.3) from accessing the network connected to R3.
- All other connections are allowed.

Use standard access lists with ACL #1.

Figure (1)

On R3

    R3(config)#access-list 1 deny host 192.168.1.3
    R3(config)#access-list 1 permit any
    R3(config)#int f0/1
    R3(config-if)#ip access-group 1 out

To verify the Access Control List:

Ping from 192.168.1.3 to 192.168.3.3 & 192.168.3.10 is “Administratively Prohibited”, as shown in figure (2).

Ping from 192.168.1.10 to 192.168.3.3 & 192.168.3.10 is successful, as shown in figure (3).

Figure (2)

Figure (3)

Example (2)

Use the below topology in figure (4) to achieve the following objectives:

1. Hosts on Router R3 should not be able to access hosts on R2.
2. The host 192.168.1.10 on R1 should not be able to access hosts on R2.
3. All other communication is allowed.

Use standard access lists with ACL #10.

Figure (4)

On R2

    R2(config)#access-list 10 deny 192.168.3.0 0.0.0.255
    R2(config)#access-list 10 deny host 192.168.1.10
    (or access-list 10 deny 192.168.1.10 0.0.0.0)
    R2(config)#access-list 10 permit any
    R2(config)#int f0/0
    R2(config-if)#ip access-group 10 out

To verify the Access Control List:

Ping from 192.168.3.10 to 192.168.2.3 & 192.168.2.10 is “Administratively Prohibited”.

Ping from 192.168.3.3 to 192.168.2.3 & 192.168.2.10 is “Administratively Prohibited”.

Ping from 192.168.1.10 to 192.168.2.3 & 192.168.2.10 is “Administratively Prohibited”.

Ping from 192.168.1.3 to 192.168.2.3 & 192.168.2.10 is successful.

Ping from 192.168.3.10 to 192.168.1.3 & 192.168.1.10 is successful.

Note: Standard ACLs do not specify destination addresses, so they should be placed as close to the destination as possible.
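The expected ping results for Example (2) can be checked offline before touching the router. The following Python sketch is an added example, not part of the original lab: it models how a standard ACL is evaluated (source address only, wildcard-mask match, first matching entry wins, implicit deny at the end). The names `parse_standard_acl` and `evaluate` are hypothetical, and the ACL text is constructed from the commands shown for R2.

```python
import ipaddress

# ACL 10 from Example (2), as entered on R2 (constructed here as a string).
ACL_10 = """\
access-list 10 deny 192.168.3.0 0.0.0.255
access-list 10 deny host 192.168.1.10
access-list 10 permit any
"""

def parse_standard_acl(text):
    """Parse 'access-list N permit|deny <source>' lines into (action, addr, wildcard)."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        action, src = tok[2], tok[3:]
        if src[0] == "any":                      # any == 0.0.0.0 255.255.255.255
            addr, wild = 0, 0xFFFFFFFF
        elif src[0] == "host":                   # host A == A 0.0.0.0
            addr, wild = int(ipaddress.IPv4Address(src[1])), 0
        else:
            addr = int(ipaddress.IPv4Address(src[0]))
            # A bare address with no wildcard is treated as a single host.
            wild = int(ipaddress.IPv4Address(src[1])) if len(src) > 1 else 0
        entries.append((action, addr, wild))
    return entries

def evaluate(entries, source_ip):
    """Return the action of the first matching entry; implicit deny if none match."""
    src = int(ipaddress.IPv4Address(source_ip))
    for action, addr, wild in entries:
        care = 0xFFFFFFFF & ~wild                # wildcard bit 0 = bit must match
        if (src & care) == (addr & care):
            return action                        # first match wins, stop here
    return "deny"                                # implicit 'deny any' at the end

if __name__ == "__main__":
    acl = parse_standard_acl(ACL_10)
    # Source hosts used in the lab's verification pings toward the R2 LAN.
    for ip in ("192.168.3.10", "192.168.3.3", "192.168.1.10", "192.168.1.3"):
        print(ip, "->", evaluate(acl, ip))
```

Because only the source address is tested, the same list applied nearer the source would block those hosts from every destination, which is why the lab applies it outbound on the interface facing the protected network.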