Question

1 Approved Answer

Posted on Sep 22, 2024

Today's Lab: In this lab, we will learn how to configure ACLs on the router. 192.168.10.1 Gig0/1 192.168.1.1 Gigo/0/941 Stunt Router 192.168.10.2 Gig0/0 Gig0/1 1941

image text in transcribed

Today's Lab: In this lab, we will learn how to configure ACLs on the router. 192.168.10.1 Gig0/1 192.168.1.1 Gigo/0/941 Stunt Router 192.168.10.2 Gig0/0 Gig0/1 1941 192.168.20.1 Student Router2 29% TT PC-PT StudentPC1 PC-PT AdminPC: PC-PT StudentPC2 192.168.20.2 PCPT AttackerPC1 192.168.20.4 192.168.1.2 AdminPC2 192.168.20,3 192.168.1.3 Create the network topology below in Packet Tracer and follow the steps below to configure the static routes for the remote networks. 1. Assign the IP addresses (provided in the topology diagram) to all the end hosts with the subnet mask of 255.255.255.0. Also configure the default gateways accordingly. 2. Configure the IP addresses on router interfaces Following are the commands to configure the Student_Router1 Student Router1(config)#int Gig0/0 Student_Router1(config-if)#ip address 192.168.1.1 255.255.255.0 Student_Router1(config-if)#no shutdown Student_Router1(config-if)#exit Student_Router1(config)#int Gig0/1 Student_Router1(config-if)#ip address 192.168.10.1 255.255.255.0 Student_Router1(config-if)#no shutdown Student_Router1(config-if)#exit Lab 6: Configuring Access Control Lists (ACLs) Following are the commands to configure the Student_Router2 Student Router2(config)#int Gig0/0 Student_Router2(config-if)#ip address 192.168.10.2 255.255.255.0 Student_Router2(config-if)#no shutdown Student_Router2(config-if)#exit Student_Router2(config)#int Gig0/1 Student_Router2(config-if)#ip address 192.168.20.1 255.255.255.0 Student_Router2(config-if)#no shutdown Student_Router2(config-if)#exit Now, we will configure the routers with the static routing command 3. Configure a Static Route Using a Next-Hop Address. Following are the commands to configure the static routes on Student Routerl. Student Router1>enable Student_Routerl#config terminal Student_Router1(config)#ip route 192.168.20.0 255.255.255.0 192.168.10.2 Following are the commands to configure the static routes on Student Router2. Student Router2>enable Student_Router2#config terminal Student Router2(config)#ip route 192.168.1.0 255.255.255.0 192.168.10.1 4. Configure the standard access list Student_Router1(config)#access-list 1 deny 192.168.20.4 0.0.0.0 Lab 6: Configuring Access Control Lists (ACLs) Student Router1(config)#access-list 1 permit any In the wildcard entry, we use the "0.0.0.0 address because we only wanted to block that particular host. This will deny any communication from the source IP address of 192.168.20.4. In the next command, parameter "any" permits the communication for all the other hosts. Note: The order of statements is critical to the operation of an ACL. If the order of the entries is reversed above, the ACL will fail to block host 192.168.20.4. 5. Apply the standard access list to the interface. Student Router1(config)#int gig0/0 Student_Router1(config-if)#ip access-group 1 out Student_Router1(config-if)#exit In the command, we specify "out" which corresponds to the outbound traffic (any traffic going out of the interface). This will apply the access list to the interface giga ethernet 0/0. Now, 192.168.20.4 will not be able to send traffic to the "Student_Routerl" interface gig 0/0 (to the corresponding network "192.168.1.0" i.e neither to 192.168.1.2 nor to 192.168.1.3). 6. See the configured access list of the router. "show access-lists is the command to see the configured access list of the router. Router#show access-lists Standard IP access list 1 10 deny host 192.168.20.4 (4 match(es)) 20 permit any (20 match(es)) Router Command +F6 to exit CLI focus Copy Paste Top 7. To add a new host to deny communication in existing ACL. If we want to add a new host AdminPC2 with IP address "192.168.20.3", we have to do the following configuration. First, we have to delete the command permit any with the following command. Lab 6: Configuring Access Control Lists (ACLs) Student_Router1(config)#no access-list 1 permit any Then we have to run the following commands. Student_Router1(config)#access-list 1 deny 192.168.20.4 0.0.0.0 Student_Router1(config)#access-list 1 deny 192.168.20.3 0.0.0.0 Student_Router1(config)#access-list 1 permit any Answer the following Questions. Question 1: Write the exact commands to configure access-list to deny communication from host 192.168.20.3 on Student_Router1. Set the enable password as your first name and show the running configuration of the router. (Snapshot/s Required) [3 Marks) Question 2: (Change the Student_Router1 hostname as your first name_Routerl). With "show access-lists, show the output of the given command on Student_Routerl. What is the use of this command? (Snapshot/s Required) [3 Marks Question 3: How will you ensure that AttackerPC1 is unable to access StudentPC1? (Snapshot/s Required) [2 Mark] Today's Lab: In this lab, we will learn how to configure ACLs on the router. 192.168.10.1 Gig0/1 192.168.1.1 Gigo/0/941 Stunt Router 192.168.10.2 Gig0/0 Gig0/1 1941 192.168.20.1 Student Router2 29% TT PC-PT StudentPC1 PC-PT AdminPC: PC-PT StudentPC2 192.168.20.2 PCPT AttackerPC1 192.168.20.4 192.168.1.2 AdminPC2 192.168.20,3 192.168.1.3 Create the network topology below in Packet Tracer and follow the steps below to configure the static routes for the remote networks. 1. Assign the IP addresses (provided in the topology diagram) to all the end hosts with the subnet mask of 255.255.255.0. Also configure the default gateways accordingly. 2. Configure the IP addresses on router interfaces Following are the commands to configure the Student_Router1 Student Router1(config)#int Gig0/0 Student_Router1(config-if)#ip address 192.168.1.1 255.255.255.0 Student_Router1(config-if)#no shutdown Student_Router1(config-if)#exit Student_Router1(config)#int Gig0/1 Student_Router1(config-if)#ip address 192.168.10.1 255.255.255.0 Student_Router1(config-if)#no shutdown Student_Router1(config-if)#exit Lab 6: Configuring Access Control Lists (ACLs) Following are the commands to configure the Student_Router2 Student Router2(config)#int Gig0/0 Student_Router2(config-if)#ip address 192.168.10.2 255.255.255.0 Student_Router2(config-if)#no shutdown Student_Router2(config-if)#exit Student_Router2(config)#int Gig0/1 Student_Router2(config-if)#ip address 192.168.20.1 255.255.255.0 Student_Router2(config-if)#no shutdown Student_Router2(config-if)#exit Now, we will configure the routers with the static routing command 3. Configure a Static Route Using a Next-Hop Address. Following are the commands to configure the static routes on Student Routerl. Student Router1>enable Student_Routerl#config terminal Student_Router1(config)#ip route 192.168.20.0 255.255.255.0 192.168.10.2 Following are the commands to configure the static routes on Student Router2. Student Router2>enable Student_Router2#config terminal Student Router2(config)#ip route 192.168.1.0 255.255.255.0 192.168.10.1 4. Configure the standard access list Student_Router1(config)#access-list 1 deny 192.168.20.4 0.0.0.0 Lab 6: Configuring Access Control Lists (ACLs) Student Router1(config)#access-list 1 permit any In the wildcard entry, we use the "0.0.0.0 address because we only wanted to block that particular host. This will deny any communication from the source IP address of 192.168.20.4. In the next command, parameter "any" permits the communication for all the other hosts. Note: The order of statements is critical to the operation of an ACL. If the order of the entries is reversed above, the ACL will fail to block host 192.168.20.4. 5. Apply the standard access list to the interface. Student Router1(config)#int gig0/0 Student_Router1(config-if)#ip access-group 1 out Student_Router1(config-if)#exit In the command, we specify "out" which corresponds to the outbound traffic (any traffic going out of the interface). This will apply the access list to the interface giga ethernet 0/0. Now, 192.168.20.4 will not be able to send traffic to the "Student_Routerl" interface gig 0/0 (to the corresponding network "192.168.1.0" i.e neither to 192.168.1.2 nor to 192.168.1.3). 6. See the configured access list of the router. "show access-lists is the command to see the configured access list of the router. Router#show access-lists Standard IP access list 1 10 deny host 192.168.20.4 (4 match(es)) 20 permit any (20 match(es)) Router Command +F6 to exit CLI focus Copy Paste Top 7. To add a new host to deny communication in existing ACL. If we want to add a new host AdminPC2 with IP address "192.168.20.3", we have to do the following configuration. First, we have to delete the command permit any with the following command. Lab 6: Configuring Access Control Lists (ACLs) Student_Router1(config)#no access-list 1 permit any Then we have to run the following commands. Student_Router1(config)#access-list 1 deny 192.168.20.4 0.0.0.0 Student_Router1(config)#access-list 1 deny 192.168.20.3 0.0.0.0 Student_Router1(config)#access-list 1 permit any Answer the following Questions. Question 1: Write the exact commands to configure access-list to deny communication from host 192.168.20.3 on Student_Router1. Set the enable password as your first name and show the running configuration of the router. (Snapshot/s Required) [3 Marks) Question 2: (Change the Student_Router1 hostname as your first name_Routerl). With "show access-lists, show the output of the given command on Student_Routerl. What is the use of this command? (Snapshot/s Required) [3 Marks Question 3: How will you ensure that AttackerPC1 is unable to access StudentPC1? (Snapshot/s Required) [2 Mark]