Lab – Access List Simulation
Answer:
Corp1#configure terminal
Corp1(config)#interface s1/0
Corp1(config-if)#ip add 198.18.196.65 255.255.255.252
Corp1(config-if)#end
Corp1>enable
Corp1#show running-config
Corp1#configure terminal
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
Corp1(config)#access-list 100 permit ip any any
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#copy running-config startup-config
Explanation:
Select the console on Corp1 router
Configuring ACL
Corp1>enable
Corp1#configure terminal
Comment: To permit only Host C (192.168.33.3) {source addr} to access the finance server address (172.22.242.23) {destination addr} on port number 80 (web)
Corp1(config)# access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
Comment: To deny any source access to the finance server address (172.22.242.23) {destination addr} on port number 80 (web)
Corp1(config)# access-list 100 deny tcp any host 172.22.242.23 eq 80
Comment: To permit IP traffic from any source to any destination. This entry is needed because of the implicit deny any any statement at the end of the ACL.
Corp1(config)# access-list 100 permit ip any any
Applying the ACL on the Interface
Comment: Use the show ip interface brief command to identify the interface type and number by checking the configured IP address.
Corp1(config)#interface fa 0/1
If the IP address already configured is incorrect, as well as the subnet mask, this should be corrected.
Correct IP address and subnet mask: no ip address 192.x.x.x 255.x.x.x (removes the incorrectly configured IP address and subnet mask)
In order for the ACL to work, type this command in interface mode: ip address 172.22.242.30 255.255.255.240 (the range of addresses going to the server is given as 172.22.242.17 to 172.22.242.30)
Comment: Place the ACL to check for packets going outside the interface towards the finance web server.
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Important: Save your running config to startup before exiting.
Corp1#copy running-config startup-config
Verifying the Configuration:
Step 1: The show ip interface brief command identifies the interface on which to apply the access list.
Step 2: Click on each host A, B, C and D. The host opens a web browser page. Select the address box of the web browser and type the IP address of the finance web server (172.22.242.23) to test whether access to the finance web server is permitted or denied.
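The first-match logic that Step 2 tests from the browsers can also be checked offline. The following is an added example, not part of the original lab answer: a small Python evaluator that parses the three access-list 100 entries above and reports which entry decides a packet. The address 192.168.33.4 is a constructed stand-in for a host other than Host C, and the function names are hypothetical.

```python
import ipaddress

# ACL 100 exactly as entered on Corp1 in the answer above.
ACL_100 = """\
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny tcp any host 172.22.242.23 eq 80
access-list 100 permit ip any any
"""

def _take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D', the two address forms this ACL uses."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {word}")

def parse_acl(text):
    """Turn extended ACL lines into (action, proto, src, dst, port) tuples."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list":
            continue
        action, proto, rest = t[2], t[3], t[4:]
        src, dst = _take_addr(rest), _take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; no match falls to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, r_proto, r_src, r_dst, r_port) in enumerate(rules, 1):
        if r_proto in ("ip", proto) and src in r_src and dst in r_dst \
                and (r_port is None or r_port == dport):
            return action, n
    return "deny", None  # implicit "deny ip any any"

if __name__ == "__main__":
    rules = parse_acl(ACL_100)
    server, host_c = "172.22.242.23", "192.168.33.3"
    other = "192.168.33.4"  # constructed address standing in for another host
    print(evaluate(rules, "tcp", host_c, server, 80))     # Host C to web server
    print(evaluate(rules, "tcp", other, server, 80))      # other host to web server
    print(evaluate(rules, "tcp", other, server, 443))     # other traffic to the server
    print(evaluate(rules[:2], "tcp", other, server, 443)) # without the third entry
```

Evaluating only the first two entries shows why the permit ip any any line is required: without it, all remaining traffic falls to the implicit deny.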