Beruflich Dokumente
Kultur Dokumente
Lab
SAINATH PATIL(saipatil@cisco.com)
NETWORK CONSULTING ENGINEER
19 November 2012
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
1. Configuring Standard ACLs
2. Configuring Extended/named ACLs
3. Demo of how ACLs can help prevent attacks
4. Summarization in EIGRP
5. Configuring manual summarization
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
1. Allow only access only from 10.10.10.4 i.e PC0.
2. Allow only 10.10.10.4 to be able to login to Router0 via telnet
3. Allow all traffic from 10.10.10.5 except ping
4. All hosts should be able to access web pages from 172.16.16.6 except
10.10.10.4. However, 10.10.10.4 should be able to ping.
Check if the access-lists are being hit.
5. Allow ping but block trace-route to the destination from the 10.10.10.0/24
network.
6. Prevent IP Spoofing attack.
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
1. Demo of EIGRP summarization.
2. Check what routes are advertised with auto-summary on. Disable auto-
summary on Router4 and check what routes are seen on the Router5.
3. Calculate and configure eigrp manual summarization.
4. Check for Null route.
5. Check how summarization behaves in the absence of child routes.
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
1. An ACL to block traffic from a specific source should be placed:
3. What is the effect of a remark statement deny tcp 10.10.10.1 10.20.20.1 eq 80?
a. It denies all traffic from 10.10.10.1 to 10.20.20.1
b. It denies only http traffic to 10.20.20.1
c. It does not permit or deny any traffic. Just a statement.
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
Thank you.
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9