Lab 5.5.2: Access Control Lists Challenge

You can use any current router in your lab as long as it has the required interfaces shown in the topologydiagram.
Nội dung trích xuất từ tài liệu:
Lab 5.5.2: Access Control Lists ChallengeLab 5.5.2: Access Control Lists Challenge Topology DiagramAddressing Table Device Interface IP Address Subnet Mask Default Gateway S0/0/0 10.1.0.1 255.255.255.0 N/A R1 Fa0/1 10.1.1.254 255.255.255.0 N/A S0/0/0 10.1.0.2 255.255.255.0 N/A R2 S0/0/1 10.3.0.1 255.255.255.0 N/A Lo 0 10.13.205.1 255.255.0.0 N/A S0/0/1 10.3.0.2 255.255.255.0 N/A R3 Fa0/1 10.3.1.254 255.255.255.0 N/A PC 1 NIC 10.1.1.1 255.255.255.0 10.1.1.254 PC 3 NIC 10.3.1.1 255.255.255.0 10.3.1.254 All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 9 CCNA Exploration Accessing the WAN: ACLs Lab 5.5.2: Access Control Lists ChallengeLearning Objectives To complete this lab: • Design named standard and named extended ACLs. • Apply named standard and named extended ACLs. • Test named standard and named extended ACLs. • Troubleshoot named standard and named extended ACLs.Task 1: Prepare the Network Step 1: Cable a network that is similar to the one in the Topology Diagram. You can use any current router in your lab as long as it has the required interfaces shown in the topology diagram. Note: If you use a 1700, 2500, or 2600 router, the router outputs and interface descriptions may appear different. Step 2: Clear any existing configurations on the routers.Task 2: Perform Basic Router Configurations. Configure the R1, R2, and R3 routers according to the following guidelines: • Configure the router hostname. • Disable DNS lookup. • Configure an EXEC mode password. • Configure a message-of-the-day banner. • Configure a password for console connections. • Configure a password for VTY connections. • Configure IP addresses on all devices. • Create a loopback interface on R2. • Enable OSPF area 0 on all routers for all networks. • Verify full IP connectivity using the ping command. R1 hostname R1 no ip domain-lookup enable secret class ! interface FastEthernet0/1 ip address 10.1.1.254 255.255.255.0 no shutdown ! interface serial 0/0/0 ip address 10.1.0.1 255.255.255.0 clock rate 125000 no shutdown ! All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 9CCNA ExplorationAccessing the WAN: ACLs Lab 5.5.2: Access Control Lists Challengerouter ospf 1 network 10.1.0.0 0.0.0.255 area 0 network 10.1.1.0 0.0.0.255 area 0!banner motd ^Unauthorized access strictly prohibited, violators will beprosecuted to the full extent of the law.^!line con 0 logging synchronous password cisco login!line vty 0 4 password cisco login!R2hostname R2enable secret classno ip domain lookup!interface Loopback0 ip address 10.13.205.1 255.255.0.0!interface Serial0/0/0 ip address 10.1.0.2 255.255.255.0 no shutdown!interface Serial0/0/1 ip address 10.3.0.1 255.255.255.0 clockrate 125000 no shutdown!router ospf 1 network 10.1.0.0 0.0.0.255 area 0 network 10.3.0.0 0.0.0.255 area 0 network 10.13.0.0 0.0.255.255 area 0!banner motd ^Unauthorized access strictly prohibited, violators will beprosecuted to the full extent of the law.^!line con 0 password cisco logging synchronous login!line vty 0 4 password cisco login!R3hostname R3All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 9 CCNA Exploration Accessing the WAN: ACLs Lab 5.5.2: Access Control Lists Challenge ! enable secret class no ip domain lookup ! interface FastEthernet0/1 ip address 10.3.1.254 255.255.255.0 no shutdown ! interface Serial0/0/1 ip address 10.3.0.2 255.255.255.0 no shutdown ! router ospf 1 network 10.3.0.0 0.0.0.255 area 0 network 10.3.1.0 0.0.0.255 area 0 ! banner motd ^Unauthorized access strictly prohibited, violators will be prosecuted to the full extent of the law.^ ! line con 0 password cisco logging synchronous login ! line vty 0 4 password cisco login !Task 3: Configuring Standard ACLs Configure standard named ACLs on the R1 and R3 VTY lines, permitting hosts connected directly to their FastEthernet subnets to gain Telnet access. Deny and log all other connection attempts. Document your testing procedures. __________________________________________________________________________________ _________________________________________________________________________ ...