Beruflich Dokumente
Kultur Dokumente
199.6.13.0 net
S0 (DCE)
204.204.7.0 net
S1 Tokio
E0
25
26
S1
S0 (DCE)
Sydney
New York
201.100.11.0 net
S1
E0
E0
21
S0 (DCE)
Bremen
E0
22
Moskau
223.8.151.0 net
E1
15
23
16
24
27
210.93.105.0 net
17
11
14
219.17.100.0 net
12
13
192.5.5.0 net
Legende
Router
Switch
Hub
KonsolenVerbindung
SerielleVerbindung
EthernetVerbindung
Router-Name - Lab_C2
Router-Type - 1720
E0 = 223.8.151.1
S0 = 204.204.7.1
S1 = 199.6.13.2
Router-Name - Lab_A2 SM = 255.255.255.0
Router-Type - 1751
Router-Name - Lab_D2
E1 = 192.5.5.1
Router-Type - 1720
S0 = 201.100.11.1
E0 = 210.93.105.1
SM = 255.255.255.0
S1 = 204.204.7.2
Router-Name - Lab_B2 SM = 255.255.255.0
Router-Type - 1720
Router-Name - Lab_E2
E0 = 219.17.100.1
Router-Type - 1720
S0 = 199.6.13.1
E0 = 210.93.105.2
S1 = 201.100.11.2
SM = 255.255.255.0
SM = 255.255.255.0
ACL Exercise 2:
Write an access list to allow web access and deny all other protocols for the network
223.8.151.0 /24.
Solution:
Tokio(config)#access-list 100 permit tcp 223.8.151.0 0.0.0.255 any eq 80
Tokio(config)#access-list 100 deny ip any any
Tokio(config)#interface ethernet0
Tokio(config-if)#ip access-group 100 in
ACL Exercise 3:
Write an access list to allow telnet access to the serial connections of the routers and web
access to the internet, for hosts 223.8.151.128-131. The other hosts shall have web access
only.
128= 1000 0000
129= 1000 0001
130= 1000 0010
131= 1000 0011
Solution:
Exercise 4:
Using Sem 2 lab setup, write an access list to allow web access only, for hosts 192.5.5.64127, no restrictions for all other 192.5.5.0 hosts. Web access uses TCP port 80.
63= 0011 1111
64= 0100 0000
65= 0100 0001
.
126= 0111 1110
127= 0111 1111
Solution 1:
Bremen(config)#access-list 100 permit tcp 192.5.5.64 0.0.0.63 any eq 80
Bremen(config)#access-list 100 deny ip 192.5.5.64 0.0.0.63 any
Bremen(config)#access-list 100 permit ip any any
Bremen(config)#access-list 100 deny ip any any
Bremen(config)# interface e1
Bremen(config-if)# ip access-group 101 in
Solution 2:
Bremen(config)#access-list 101 permit tcp 192.5.5.64 0.0.0.63 any eq 80
Bremen(config)#access-list 101 deny ip 192.5.5.64 0.0.0.63 any
Bremen(config)#access-list 101 permit ip 192.5.5.0 0.0.0.255 any
Bremen(config)# interface e1
Exercise 5:
Write an access list to allow only odd numbered hosts on 223.8.151.0 to telnet router Bremen.
1= 0000 0001
2= 0000 0010
3= 0000 0011
4= 0000 0100
5= 0000 0101
254= 1111 1110
Solution 1:
Tokio(config)#access-list 100 permit tcp 223.8.151.1 0.0.0.254 host 192.5.5.1 eq 23
Tokio(config)#access-list 100 permit tcp 223.8.151.1 0.0.0.254 host 201.100.11.1 eq 23
Tokio(config)#access-list 100 deny ip any any
Tokio(config)#interface ethernet0
Tokio(config-if)#ip access-group 101 in