
Use the Topology

Computer Networks Lab Configuration 1 (Sem2)

Prof. Dr. Richard Sethmann, 22.11.2002

[Figure: lab topology showing the routers Tokio, Sydney, New York, Bremen and Moskau and the networks 199.6.13.0, 204.204.7.0, 201.100.11.0, 223.8.151.0, 210.93.105.0, 219.17.100.0 and 192.5.5.0. Further labels in the drawing: 11-17 and 21-27.]

User Password = cisco
Enable Secret Password = class
Terminal vty Password = cisco

Legend: Router, Switch, Hub, Console connection, Serial connection, Ethernet connection

Router-Name - Lab_A2
Router-Type - 1751
E1 = 192.5.5.1
S0 = 201.100.11.1
SM = 255.255.255.0

Router-Name - Lab_B2
Router-Type - 1720
E0 = 219.17.100.1
S0 = 199.6.13.1
S1 = 201.100.11.2
SM = 255.255.255.0

Router-Name - Lab_C2
Router-Type - 1720
E0 = 223.8.151.1
S0 = 204.204.7.1
S1 = 199.6.13.2
SM = 255.255.255.0

Router-Name - Lab_D2
Router-Type - 1720
E0 = 210.93.105.1
S1 = 204.204.7.2
SM = 255.255.255.0

Router-Name - Lab_E2
Router-Type - 1720
E0 = 210.93.105.2
SM = 255.255.255.0

ACL Exercise 2:
Write an access list to allow web access and deny all other protocols for the network
223.8.151.0 /24.
Solution:
Tokio(config)#access-list 100 permit tcp 223.8.151.0 0.0.0.255 any eq 80
Tokio(config)#access-list 100 deny ip any any
Tokio(config)#interface ethernet0
Tokio(config-if)#ip access-group 100 in

ACL Exercise 3:
Write an access list to allow telnet access to the serial connections of the routers and web
access to the internet, for hosts 223.8.151.128-131. The other hosts shall have web access
only.
128= 1000 0000
129= 1000 0001
130= 1000 0010
131= 1000 0011
Solution 1:
Tokio(config)#access-list 100 permit tcp 223.8.151.128 0.0.0.3 host 199.6.13.1 eq 23
Tokio(config)#access-list 100 permit tcp 223.8.151.128 0.0.0.3 host 199.6.13.2 eq 23
Tokio(config)#access-list 100 permit tcp 223.8.151.128 0.0.0.3 host 201.100.11.1 eq 23
Tokio(config)#access-list 100 permit tcp 223.8.151.128 0.0.0.3 host 201.100.11.2 eq 23
Tokio(config)#access-list 100 permit tcp 223.8.151.128 0.0.0.3 host 204.204.7.1 eq 23
Tokio(config)#access-list 100 permit tcp 223.8.151.128 0.0.0.3 host 204.204.7.2 eq 23
Tokio(config)#access-list 100 permit tcp 223.8.151.0 0.0.0.255 any eq 80
Tokio(config)#access-list 100 deny ip any any
Tokio(config)#interface ethernet0
Tokio(config-if)#ip access-group 100 in
Solution 2:
Tokio(config)#access-list 100 permit tcp 223.8.151.0 0.0.0.255 any eq www
Tokio(config)#access-list 100 permit udp 223.8.151.0 0.0.0.255 any eq domain
Tokio(config)#access-list 100 permit tcp 223.8.151.0 0.0.0.255 any eq domain
Tokio(config)#access-list 100 permit tcp 223.8.151.128 0.0.0.3 host 199.6.13.1 eq telnet
Tokio(config)#access-list 100 permit tcp 223.8.151.128 0.0.0.3 host 199.6.13.2 eq telnet
Tokio(config)#access-list 100 permit tcp 223.8.151.128 0.0.0.3 host 201.100.11.1 eq telnet
Tokio(config)#access-list 100 permit tcp 223.8.151.128 0.0.0.3 host 201.100.11.2 eq telnet
Tokio(config)#access-list 100 permit tcp 223.8.151.128 0.0.0.3 host 204.204.7.1 eq telnet
Tokio(config)#access-list 100 permit tcp 223.8.151.128 0.0.0.3 host 204.204.7.2 eq telnet
Tokio(config)#access-list 100 deny ip any any
Tokio(config)#interface e0
Tokio(config-if)#ip access-group 100 in

Exercise 4:
Using the Sem 2 lab setup, write an access list to allow web access only for hosts 192.5.5.64-127, with no restrictions for all other 192.5.5.0 hosts. Web access uses TCP port 80.
63= 0011 1111
64= 0100 0000
65= 0100 0001
...
126= 0111 1110
127= 0111 1111
Solution 1:
Bremen(config)#access-list 100 permit tcp 192.5.5.64 0.0.0.63 any eq 80
Bremen(config)#access-list 100 deny ip 192.5.5.64 0.0.0.63 any
Bremen(config)#access-list 100 permit ip any any
Bremen(config)#access-list 100 deny ip any any
Bremen(config)#interface e1
Bremen(config-if)#ip access-group 100 in
Solution 2:
Bremen(config)#access-list 101 permit tcp 192.5.5.64 0.0.0.63 any eq 80
Bremen(config)#access-list 101 deny ip 192.5.5.64 0.0.0.63 any
Bremen(config)#access-list 101 permit ip 192.5.5.0 0.0.0.255 any
Bremen(config)#interface e1
Bremen(config-if)#ip access-group 101 in

Exercise 5:
Write an access list to allow only odd-numbered hosts on 223.8.151.0 to telnet to router Bremen.
1= 0000 0001
2= 0000 0010
3= 0000 0011
4= 0000 0100
5= 0000 0101
254= 1111 1110
Solution 1:
Tokio(config)#access-list 100 permit tcp 223.8.151.1 0.0.0.254 host 192.5.5.1 eq 23
Tokio(config)#access-list 100 permit tcp 223.8.151.1 0.0.0.254 host 201.100.11.1 eq 23
Tokio(config)#access-list 100 deny ip any any
Tokio(config)#interface ethernet0
Tokio(config-if)#ip access-group 100 in
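
Added example (not part of the original lab sheet): a small Python evaluator for the ACL entries of Exercises 4 and 5, using IOS wildcard-mask and first-match semantics, to check which hosts a mask such as 0.0.0.63 or 0.0.0.254 actually selects before the list is applied. The function names are illustrative, and only numeric `eq` ports are parsed.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    # IOS wildcard mask: a 0 bit must match the base, a 1 bit is ignored.
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def parse_spec(tok, i):
    # Address spec forms: "any", "host A", or "A W" (address + wildcard).
    if tok[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if tok[i] == "host":
        return (tok[i + 1], "0.0.0.0"), i + 2
    return (tok[i], tok[i + 1]), i + 2

def parse_ace(line):
    # Handles: access-list N {permit|deny} PROTO SRC DST [eq PORT], numeric ports only.
    tok = line.split()
    src, i = parse_spec(tok, 4)
    dst, i = parse_spec(tok, i)
    port = int(tok[i + 1]) if tok[i:i + 1] == ["eq"] else None
    return tok[2], tok[3], src, dst, port

def evaluate(acl, proto, src, dst, dport=None):
    # First matching entry wins; nothing matched means the implicit deny.
    for line in acl:
        action, p, s, d, port = parse_ace(line)
        if p not in ("ip", proto):
            continue
        if port is not None and port != dport:
            continue
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action
    return "deny"

def matched_last_octets(prefix, base, wildcard):
    # Which hosts prefix.0 .. prefix.255 does "base wildcard" select?
    return [h for h in range(256) if wildcard_match(f"{prefix}.{h}", base, wildcard)]

# ACL lines copied from Exercise 4 (Solution 2) and Exercise 5 on this page.
EX4 = ["access-list 101 permit tcp 192.5.5.64 0.0.0.63 any eq 80",
       "access-list 101 deny ip 192.5.5.64 0.0.0.63 any",
       "access-list 101 permit ip 192.5.5.0 0.0.0.255 any"]
EX5 = ["access-list 100 permit tcp 223.8.151.1 0.0.0.254 host 192.5.5.1 eq 23",
       "access-list 100 permit tcp 223.8.151.1 0.0.0.254 host 201.100.11.1 eq 23",
       "access-list 100 deny ip any any"]

if __name__ == "__main__":
    print(matched_last_octets("192.5.5", "192.5.5.64", "0.0.0.63"))
    print(evaluate(EX5, "tcp", "223.8.151.8", "192.5.5.1", 23))
```

Running `matched_last_octets` on the Exercise 5 entry shows that 0.0.0.254 selects every odd last octet, including .255, the broadcast address of the /24.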
