ACL help with a case study

timmy2x Posts: 5 Member
Hello everyone, I was wondering if anyone would be able to tell me if the ACLs I wrote for the CCNA 2 Routing Case Study I am working on are correct. I think I'm on the right track, but the ACLs are a little confusing for me, so I am not exactly sure.

Comments

  • polm Posts: 34 Member
    looks good to me ;)
  • timmy2x Posts: 5 Member
    The network consists of 5 workstations, a file server, 3 switches and 3 routers. The File Server and Workstation 2 connect into the Center router. The Center router connects into the Boaz and Eva routers. The Boaz router connects into a switch, with Workstations 3 and 4 connected to that switch. The Eva router connects into a switch, with Workstations 5 and 6 connected to that.

    File Server IP: 207.102.43.34
    Workstation 2 IP: 207.102.43.35
    Center Router FA 0/0 IP: 207.102.43.33

    Center Router Serial 0/0 IP: 207.102.43.65
    Boaz Router Serial 0/0 IP: 207.102.43.66

    Boaz Router FA 0/0 IP: 207.102.43.97
    Workstation 3 IP: 207.102.43.98
    Workstation 4 IP: 207.102.43.98

    Center Router Serial 0/1 IP: 207.102.43.129
    Eva Router Serial 0/1 IP: 207.102.43.130

    Eva Router FA 0/0 IP: 207.102.43.161
    Workstation 5 IP: 207.102.43.162
    Workstation 6 IP: 207.102.43.163

    I need to create Access Control Lists that do the following:

    Workstation 2 and File Server 1 are on the management network. Any device on the management network can access any other device on the entire network.

    Workstations on Eva and Boaz LANs are not permitted outside of their subnet except to access File Server 1

    Each router can telnet to the other routers and access any device on the network

    Here is what I have... any help would be greatly appreciated if I'm doing something wrong!

    Boaz(config)# access-list 101 permit tcp 207.102.43.98 0.0.0.0 207.102.43.34 0.0.0.0
    Boaz(config)# access-list 101 permit tcp 207.102.43.99 0.0.0.0 207.102.43.34 0.0.0.0
    Boaz(config)# access-list 101 deny tcp any any
    Boaz(config)# access-list 101 remark Boaz workstations have access to File Server 1 only

    Boaz(config)# interface fa0/0
    Boaz(config-if)# ip access-group 101 in

    Eva(config)# access-list 102 permit tcp 207.102.43.162 0.0.0.0 207.102.43.34 0.0.0.0
    Eva(config)# access-list 102 permit tcp 207.102.43.163 0.0.0.0 207.102.43.34 0.0.0.0
    Eva(config)# access-list 102 deny tcp any any
    Eva(config)# access-list 102 remark Eva workstations have access to File Server 1 only

    Eva(config)# interface fa0/0
    Eva(config-if)# ip access-group 102 in



    Center(config)# access-list 1 permit 207.102.43.0 0.0.0.31
    Center(config)# access-list 1 remark permit management network (File server 1 and Workstation 2) access to any device on the network

    Center(config)# interface s0/0
    Center(config-if)# ip access-group 1 out

    Center(config)# access-list 2 permit 207.102.43.0 0.0.0.31
    Center(config)# access-list 2 remark permit management network (File server 1 and Workstation 2) access to any device on the network

    Center(config)# interface s0/1
    Center(config-if)# ip access-group 2 out


    Boaz(config)# access-list 103 permit tcp 207.102.43.65 0.0.0.0 207.102.43.66 0.0.0.0 eq telnet
    Boaz(config)# access-list 103 permit tcp 207.102.43.130 0.0.0.0 207.102.43.66 0.0.0.0 eq telnet
    Boaz(config)# access-list 103 remark permit the other two routers telnet access into Boaz router

    Boaz(config)# line vty 0 4
    Boaz(config-line)# login
    Boaz(config-line)# password cisco
    Boaz(config-line)# ip access-class 103 in

    Boaz(config)# access-list 3 permit any any
    Boaz(config)# access-list 3 remark permit Boaz router access to any device on the network

    Boaz(config)# interface fa0/0
    Boaz(config-if)# ip access-group 3 out


    Center(config)# access-list 104 permit tcp 207.102.43.66 0.0.0.0 207.102.43.65 0.0.0.0 eq telnet
    Center(config)# access-list 104 permit tcp 207.102.43.130 0.0.0.0 207.102.43.129 0.0.0.0 eq telnet
    Center(config)# access-list 104 remark permit the other two routers telnet access into Center router

    Center(config)# line vty 0 4
    Center(config-line)# login
    Center(config-line)# password cisco
    Center(config-line)# ip access-class 104 in

    Center(config)# access-list 4 permit any any
    Center(config)# access-list 4 remark permit Center router access to any device on the network

    Center(config)# interface fa0/0
    Center(config-if)# ip access-group 4 out


    Eva(config)# access-list 105 permit tcp 207.102.43.66 0.0.0.0 207.102.43.130 0.0.0.0 eq telnet
    Eva(config)# access-list 105 permit tcp 207.102.43.129 0.0.0.0 207.102.43.130 0.0.0.0 eq telnet
    Eva(config)# access-list 105 remark permit the other two routers telnet access into Eva router

    Eva(config)# line vty 0 4
    Eva(config-line)# login
    Eva(config-line)# password cisco
    Eva(config-line)# ip access-class 105 in

    Eva(config)# access-list 5 permit any any
    Eva(config)# access-list 5 remark permit Eva router access to any device on the network

    Eva(config)# interface fa0/0
    Eva(config-if)# ip access-group 5 out
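
Added example, not part of any poster's message: a small Python model of Cisco wildcard matching and first-match evaluation, run over ACL 1 and ACL 101 exactly as posted above. The helper names and the aligned base address 207.102.43.32 are assumptions of this example.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def evaluate(acl, proto, src, dst=None):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, a_proto, (s_base, s_wc), dst_spec in acl:
        if a_proto not in ("ip", proto):
            continue
        if not wc_match(src, s_base, s_wc):
            continue
        if dst_spec and not wc_match(dst, *dst_spec):
            continue
        return action
    return "implicit deny"

ANY = ("0.0.0.0", "255.255.255.255")
FILE_SERVER = "207.102.43.34"

# Standard ACL 1 on Center as posted (source only, so protocol is "ip").
ACL_1 = [("permit", "ip", ("207.102.43.0", "0.0.0.31"), None)]
# Assumption: same entry with the base moved to the 32-address block
# that contains .34 and .35.
ACL_1_ALIGNED = [("permit", "ip", ("207.102.43.32", "0.0.0.31"), None)]

# Extended ACL 101 on Boaz as posted.
ACL_101 = [
    ("permit", "tcp", ("207.102.43.98", "0.0.0.0"), (FILE_SERVER, "0.0.0.0")),
    ("permit", "tcp", ("207.102.43.99", "0.0.0.0"), (FILE_SERVER, "0.0.0.0")),
    ("deny", "tcp", ANY, ANY),
]

def report():
    ws3 = "207.102.43.98"
    return {
        "acl1 file server": evaluate(ACL_1, "ip", FILE_SERVER),
        "acl1 workstation 2": evaluate(ACL_1, "ip", "207.102.43.35"),
        "acl1 aligned file server": evaluate(ACL_1_ALIGNED, "ip", FILE_SERVER),
        "acl101 tcp ws3 to server": evaluate(ACL_101, "tcp", ws3, FILE_SERVER),
        "acl101 icmp ws3 to server": evaluate(ACL_101, "icmp", ws3, FILE_SERVER),
        "acl101 tcp ws3 to eva lan": evaluate(ACL_101, "tcp", ws3, "207.102.43.162"),
    }
```

With the posted base address 207.102.43.0, the wildcard 0.0.0.31 covers only 207.102.43.0 through 207.102.43.31, so the file server and Workstation 2 fall through to the implicit deny. ACL 101 permits TCP to the file server but any non-TCP traffic from the workstations, such as a ping to the file server, also ends at the implicit deny.
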
  • mistervince Posts: 81 Member
    yea that looks good my friend... only thing is... i hope that you didn't put that all in the router... just put in notepad then paste it in. takes care of all the typos everyone makes and suffers from. otherwise, that's solid.
  • Drakonblayde Posts: 542 Member
    best way to learn is to actually put it into the router, so I most certainly hope he did enter the commands and made the common mistakes, because he's gonna make them anyway... better to make them in a classroom setting and learn rather than do it on the exam