ACL help with a case study
timmy2x
Member Posts: 5 ■□□□□□□□□□
in CCNA & CCENT
Hello everyone, I was wondering if anyone would be able to tell me if the ACLs I wrote for the CCNA 2 Routing Case Study I am working on are correct. I think I'm on the right track, but the ACLs are a little confusing for me, so I am not exactly sure.
Comments
-
timmy2x Member Posts: 5 ■□□□□□□□□□
The network consists of 5 workstations, a file server, 3 switches and 3 routers. The File Server and Workstation 2 connect into the Center router. The Center router connects into the Boaz and Eva routers. The Boaz router connects into a switch, with Workstations 3 and 4 connected to the switch. The Eva router connects into a switch, with Workstations 5 and 6 connected to that.
File Server IP: 207.102.43.34
Workstation 2 IP: 207.102.43.35
Center Router FA 0/0 IP: 207.102.43.33
Center Router Serial 0/0 IP: 207.102.43.65
Boaz Router Serial 0/0 IP: 207.102.43.66
Boaz Router FA 0/0 IP: 207.102.43.97
Workstation 3 IP: 207.102.43.98
Workstation 4 IP: 207.102.43.98
Center Router Serial 0/1 IP: 207.102.43.129
Eva Router Serial 0/1 IP: 207.102.43.130
Eva Router FA 0/0 IP: 207.102.43.161
Workstation 5 IP: 207.102.43.162
Workstation 6 IP: 207.102.43.163
I need to create Access Control Lists that do the following:
Workstation 2 and File Server 1 are on the management network. Any device on the management network can access any other device on the entire network.
Workstations on Eva and Boaz LANs are not permitted outside of their subnet except to access File Server 1
Each router can telnet to the other routers and access any device on the network
Here is what I have... any help would be greatly appreciated if I'm doing something wrong!
Boaz(config)# access-list 101 permit tcp 207.102.43.98 0.0.0.0 207.102.43.34 0.0.0.0
Boaz(config)# access-list 101 permit tcp 207.102.43.99 0.0.0.0 207.102.43.34 0.0.0.0
Boaz(config)# access-list 101 deny tcp any any
Boaz(config)# access-list 101 remark Boaz workstations have access to File Server 1 only
Boaz(config)# interface fa0/0
Boaz(config-if)# ip access-group 101 in
Eva(config)# access-list 102 permit tcp 207.102.43.162 0.0.0.0 207.102.43.34 0.0.0.0
Eva(config)# access-list 102 permit tcp 207.102.43.163 0.0.0.0 207.102.43.34 0.0.0.0
Eva(config)# access-list 102 deny tcp any any
Eva(config)# access-list 102 remark Eva workstations have access to File Server 1 only
Eva(config)# interface fa0/0
Eva(config-if)# ip access-group 102 in
Center(config)# access-list 1 permit 207.102.43.0 0.0.0.31
Center(config)# access-list 1 remark permit management network (File server 1 and Workstation 2) access to any device on the network
Center(config)# interface s0/0
Center(config-if)# ip access-group 1 out
Center(config)# access-list 2 permit 207.102.43.0 0.0.0.31
Center(config)# access-list 2 remark permit management network (File server 1 and Workstation 2) access to any device on the network
Center(config)# interface s0/1
Center(config-if)# ip access-group 2 out
Boaz(config)# access-list 103 permit tcp 207.102.43.65 0.0.0.0 207.102.43.66 0.0.0.0 eq telnet
Boaz(config)# access-list 103 permit tcp 207.102.43.130 0.0.0.0 207.102.43.66 0.0.0.0 eq telnet
Boaz(config)# access-list 103 remark permit the other two routers telnet access into Boaz router
Boaz(config)# line vty 0 4
Boaz(config-line)# login
Boaz(config-line)# password cisco
Boaz(config-line)# ip access-class 103 in
Boaz(config)# access-list 3 permit any any
Boaz(config)# access-list 3 remark permit Boaz router access to any device on the network
Boaz(config)# interface fa0/0
Boaz(config-if)# ip access-group 3 out
Center(config)# access-list 104 permit tcp 207.102.43.66 0.0.0.0 207.102.43.65 0.0.0.0 eq telnet
Center(config)# access-list 104 permit tcp 207.102.43.130 0.0.0.0 207.102.43.129 0.0.0.0 eq telnet
Center(config)# access-list 104 remark permit the other two routers telnet access into Center router
Center(config)# line vty 0 4
Center(config-line)# login
Center(config-line)# password cisco
Center(config-line)# ip access-class 104 in
Center(config)# access-list 4 permit any any
Center(config)# access-list 4 remark permit Center router access to any device on the network
Center(config)# interface fa0/0
Center(config-if)# ip access-group 4 out
Eva(config)# access-list 105 permit tcp 207.102.43.66 0.0.0.0 207.102.43.130 0.0.0.0 eq telnet
Eva(config)# access-list 105 permit tcp 207.102.43.129 0.0.0.0 207.102.43.130 0.0.0.0 eq telnet
Eva(config)# access-list 105 remark permit the other two routers telnet access into Eva router
Eva(config)# line vty 0 4
Eva(config-line)# login
Eva(config-line)# password cisco
Eva(config-line)# ip access-class 105 in
Eva(config)# access-list 5 permit any any
Eva(config)# access-list 5 remark permit Eva router access to any device on the network
Eva(config)# interface fa0/0
Eva(config-if)# ip access-group 5 out
-
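An added example, not part of the original post: a small Python model of IOS wildcard-mask matching and top-down, first-match evaluation with the implicit deny, run over access-list 101 and access-list 1 exactly as posted above. The test packets are constructed, and the model ignores ports and interface direction.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # IOS keyword "any"
HOST = "0.0.0.0"                       # wildcard for a single host

def _n(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: 0 bits must match the base, 1 bits are ignored."""
    care = ~_n(wildcard) & 0xFFFFFFFF
    return (_n(addr) & care) == (_n(base) & care)

def evaluate(acl, proto, src, dst):
    """Top-down, first match wins; no match falls through to the implicit deny."""
    for action, e_proto, (s_base, s_wc), (d_base, d_wc) in acl:
        if e_proto not in ("ip", proto):
            continue
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action
    return "implicit deny"

# access-list 101 as posted (Boaz fa0/0, inbound)
ACL_101 = [
    ("permit", "tcp", ("207.102.43.98", HOST), ("207.102.43.34", HOST)),
    ("permit", "tcp", ("207.102.43.99", HOST), ("207.102.43.34", HOST)),
    ("deny", "tcp", ANY, ANY),
]
# access-list 1 as posted; a standard ACL tests the source address only
ACL_1 = [("permit", "ip", ("207.102.43.0", "0.0.0.31"), ANY)]

def run_cases():
    """Constructed test packets: (label, acl, protocol, source, destination)."""
    cases = [
        ("ws3 tcp to file server", ACL_101, "tcp", "207.102.43.98", "207.102.43.34"),
        ("ws3 icmp to file server", ACL_101, "icmp", "207.102.43.98", "207.102.43.34"),
        ("ws3 tcp to Eva LAN", ACL_101, "tcp", "207.102.43.98", "207.102.43.162"),
        ("file server to ws3", ACL_1, "tcp", "207.102.43.34", "207.102.43.98"),
        ("workstation 2 to ws5", ACL_1, "tcp", "207.102.43.35", "207.102.43.162"),
    ]
    return {label: evaluate(acl, p, s, d) for label, acl, p, s, d in cases}

if __name__ == "__main__":
    for label, verdict in run_cases().items():
        print(f"{label:26} -> {verdict}")
```

In this model the entry 207.102.43.0 0.0.0.31 covers sources .0 through .31, so neither 207.102.43.34 nor 207.102.43.35 matches it, and non-TCP traffic from the Boaz workstations to the file server reaches the implicit deny.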
mistervince Member Posts: 81 ■■□□□□□□□□
Yeah, that looks good my friend... only thing is... I hope that you didn't put that all in the router... just put it in Notepad then paste it in. Takes care of all the typos everyone makes and suffers from. Otherwise, that's solid.
Why is SuSE better than Redhat?
Its alllll in the startup scripts. All in the startup scripts. >.<
-
Drakonblayde Member Posts: 542
Best way to learn is to actually put it into the router, so I most certainly hope he did enter the commands and made the common mistakes, because he's gonna make them anyway... better to make them in a classroom setting and learn rather than do it on the exam.
= Marcus Drakonblayde