Help needed in my ACL. Desperate. my last chance

Davey2006 Member Posts: 2

I really need some help and I would appreciate it very much…


The WAN IP address is 100.10.5.0 with a subnet mask of 255.255.255.0
The local LAN has been assigned an IP address of 10.10.10.0
Each subnet of the above network needs to accommodate 24 host addresses.
Use the 3 (third) usable subnet for the LAN. Do not use subnet zero as the first subnet.
The IGRP AS number is 25

I have done all the subnetting


Production Host
IP address _____10.10.10.98 till 10.10.10.126_____________
Subnet Mask ____255.255.255.244______________
Default Gateway ___10.10.10.33________________________

Management Host
IP address___10.10.10.112 till 10.10.10.126_______________
Subnet Mask _____255.255.255.244_____________
Default Gateway ___10.10.10.33_____________________


1. The company has an Intranet Web server host that all systems can reach at IP address 172.16.0.1 with only HTTP access. No other protocols will be permitted to this site.

2. The company also has a server pool in the 209.0.0.0/24 network. Half of the servers are allocated odd-numbered IP addresses (e.g. 209.0.0.1) and the other half are allocated even-numbered IP addresses (e.g. 209.0.0.2). The servers with odd numbers are reachable by management hosts using all possible IP protocols. The servers with even numbers are reachable by all LAN hosts using all possible protocols. The servers should not be accessible by any other hosts.

3. The company has discovered an Internet Web server at 198.0.0.1 that is known to contain viruses.
All hosts are to be banned from reaching this site.


MY ANSWERS

1. Acceslist 102 Permit TCP any 172.16.0.1

2. Acceslist 103 Permit IP any 209.0.0.128/25 (Management Host)
Acceslist 104 Permit IP any 209.0.0.0/25 (Production Host)
Acceslist 105 Permit ip deny 209.0.0.0/24 any

3. Acceslist 106 Permit TCP deny any 198.0.0.1
4. Acceslist 107 Permit IP any any

But it's wrong (I'm told), but I don't know what.
Can you please help me?

Comments

  • EdTheLad Member Posts: 2,111
    Davey2006 wrote:
    But it's wrong (I'm told), but I don't know what.
    Can you please help me?

    Sounds like an exam. Why don't you ask the person who told you it was wrong? There must be a reason they have not provided you with the correct answer.
    Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
  • david_r Member Posts: 112
    There is an error in everything you typed :(
  • Danman32 Member Posts: 1,243
    Yup, plenty of errors.

    First, the keyword is accesslist, not acceslist.

    For 1, you allowed all traffic, when the question said only HTTP.
    For 2, I believe that you cannot use that syntax for the wildcard.
    But here's a hint: you have to filter ignoring MOST of the last octet. You still have to consider the last (rightmost) bit to determine odd or even though.
    For 3, you use permit OR deny, not both in the same line.

    Review the syntax for accesslists.
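Added example (not part of the thread and not any poster's code): the wildcard-mask comparison behind the hint in the reply above, written in Python. The `(base, wildcard)` pairs and helper names are assumptions chosen for illustration; the run contrasts a mask that pins only the last bit with the /25 split, which selects by the top bit of the last octet instead of by parity.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask comparison as used by extended ACL entries:
    a 1 bit in the wildcard means "ignore", a 0 bit means "must equal base"."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def prefix_to_wildcard(prefix_len):
    """Wildcard equivalent of a contiguous prefix, e.g. /25 -> 0.0.0.127."""
    return str(ipaddress.IPv4Address((1 << (32 - prefix_len)) - 1))

def matched_last_octets(base, wildcard, network="209.0.0.0/24"):
    """Last octet of every address in `network` that (base, wildcard) matches."""
    net = ipaddress.ip_network(network)
    return [int(a) & 0xFF for a in net if wildcard_match(str(a), base, wildcard)]

# Constructed (base, wildcard) pairs for the 209.0.0.0/24 server pool.
ODD = ("209.0.0.1", "0.0.0.254")    # bits 1-7 of the last octet ignored, bit 0 must be 1
EVEN = ("209.0.0.0", "0.0.0.254")   # same mask, bit 0 must be 0
UPPER_HALF = ("209.0.0.128", prefix_to_wildcard(25))  # a /25 split, for contrast

if __name__ == "__main__":
    for name, entry in (("odd", ODD), ("even", EVEN), ("upper /25", UPPER_HALF)):
        octets = matched_last_octets(*entry)
        print(f"{name:10} {entry[0]} {entry[1]:10} -> {len(octets)} addresses, "
              f"first {octets[:4]}, last {octets[-2:]}")
    # The first three octets still have to match exactly.
    print(wildcard_match("209.0.1.1", *ODD))
```

The enumeration includes .0 and .255, which the mask matches like any other address even though they are the network and broadcast addresses of the /24.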
  • Davey2006 Member Posts: 2
    OK, thanks, but my teacher doesn't want to say what's wrong, he's really giving me a hard time.

    Can someone correct this for me...?
  • EdTheLad Member Posts: 2,111
    Davey2006 wrote:
    OK, thanks, but my teacher doesn't want to say what's wrong, he's really giving me a hard time.

    Can someone correct this for me...?
    There is a reason why he doesn't give you the answer: you must learn and do it yourself. Go to the link below and read.
    If you don't understand something in the docs you read, post questions here.
    Don't expect us to do your homework assignment.
    http://www.cisco.com/en/US/tech/tk648/tk361/tk821/tsd_technology_support_sub-protocol_home.html
    Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
  • Danman32 Member Posts: 1,243
    I pretty much told you what was wrong. Go back and study the syntax and conventions of standard and extended access lists.