Configuration of Access Control Lists

Reference no: EM133212701

Access Control Lists (ACL) in Packet Tracer

Objectives of this Lab:

The goal of this lab is to become familiar with the configuration of Access Control Lists (ACLs) in Packet Tracer.

Access Control Lists (ACLs):

In order to filter network traffic, ACLs control whether routed packets are forwarded or blocked at the router interface. Your router examines each packet in order to determine whether to forward or drop the packet based on the criteria that you specify within the ACL.

ACL criteria include:
• Source address of the traffic
• Destination address of the traffic
• Upper-layer protocol

Complete these steps in order to construct an ACL as the examples in this document show:
1. Create an ACL.
2. Apply the ACL to an interface.

The IP ACL is a sequential collection of permit and deny conditions that apply to an IP packet. The router tests packets against the conditions in the ACL one at a time. The first match determines whether the Cisco IOS Software accepts or rejects the packet.

Types of ACL:
There are two main types of access list:

1. Standard access list - These access lists are built using the source IP address only. They permit or deny the entire protocol suite and do not distinguish between types of IP traffic such as TCP, UDP, HTTPS, etc. When the access-list number is in the range 1-99 or 1300-1999, the router treats it as a standard ACL and the specified address as the source IP address.

2. Extended access list - These ACLs use both the source and destination IP addresses. In this type of ACL, we can also specify which IP traffic (for example TCP, UDP, etc.) should be allowed or denied. They use the ranges 100-199 and 2000-2699.

Advantages of ACL:

• Improves network performance.

• Provides security, as the administrator can configure the access list according to the network's needs and deny unwanted packets from entering the network.

• Provides control over traffic, as it can permit or deny packets according to the needs of the network.

Important ACL configuration commands:

1. access-list command

A standard ACL provides the ability to match traffic based on the source address of the traffic only. This is, of course, rather limiting, but in many situations is all that is required. The command syntax of a standard ACL is as follows:

router(config)#access-list access-list-number {permit | deny} {source [source-wildcard] | host hostname | any}

2. ip access-group command

To apply an IPv4 access control list (ACL) to a Layer 3 interface as a router ACL, we use the ip access-group command. To remove an IPv4 ACL from an interface, we use the no form of this command.
ip access-group access-list-number {in | out}
no ip access-group access-list-number {in | out}

Create the network topology below in Packet Tracer and follow the steps below to configure the static routes for the remote networks.

1. Assign the IP addresses (provided in the topology diagram) to all the end hosts with the subnet mask of 255.255.255.0. Also configure the default gateways accordingly.

2. Configure the IP addresses on the router interfaces. Following are the commands to configure Student_Router1:

Student_Router1(config)#int Gig0/0
Student_Router1(config-if)#ip address 192.168.1.1 255.255.255.0
Student_Router1(config-if)#no shutdown
Student_Router1(config-if)#exit
Student_Router1(config)#int Gig0/1
Student_Router1(config-if)#ip address 192.168.10.1 255.255.255.0
Student_Router1(config-if)#no shutdown
Student_Router1(config-if)#exit


Following are the commands to configure Student_Router2:

Student_Router2(config)#int Gig0/0
Student_Router2(config-if)#ip address 192.168.10.2 255.255.255.0
Student_Router2(config-if)#no shutdown
Student_Router2(config-if)#exit
Student_Router2(config)#int Gig0/1
Student_Router2(config-if)#ip address 192.168.20.1 255.255.255.0
Student_Router2(config-if)#no shutdown
Student_Router2(config-if)#exit

Now, we will configure the routers with the static routing command.

3. Configure a Static Route Using a Next-Hop Address.

Following are the commands to configure the static routes on Student_Router1.

Student_Router1>enable
Student_Router1#config terminal
Student_Router1(config)#ip route 192.168.20.0 255.255.255.0 192.168.10.2

Following are the commands to configure the static routes on Student_Router2.

Student_Router2>enable
Student_Router2#config terminal
Student_Router2(config)#ip route 192.168.1.0 255.255.255.0 192.168.10.1

4. Configure the standard access list.

Student_Router1(config)#access-list 1 deny 192.168.20.4 0.0.0.0
Student_Router1(config)#access-list 1 permit any

In the wildcard entry, we use "0.0.0.0" because we only want to block that particular host. This denies any communication from the source IP address "192.168.20.4". In the next command, the parameter "any" permits communication for all other hosts.

5. Apply the standard access list to the interface.

Student_Router1(config)#int gig0/0
Student_Router1(config-if)#ip access-group 1 out
Student_Router1(config-if)#exit

In the command, we specify "out", which corresponds to outbound traffic (any traffic going out of the interface).

This applies the access list to interface GigabitEthernet0/0. Now "192.168.20.4" will not be able to send traffic through the Student_Router1 interface Gig0/0 to the corresponding network "192.168.1.0", i.e. neither to 192.168.1.2 nor to 192.168.1.3.
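
The first-match and wildcard rules described above can be checked offline with a small evaluator for standard ACL entries. This is an added example, not part of the original lab; it goes beyond the lab's single-host case by handling any wildcard mask. Assumptions not stated on the page: a source without a wildcard is treated as 0.0.0.0, a packet matching no entry is dropped by the implicit deny that ends every IOS ACL, and the address 192.168.20.2 and the APPENDED/REORDERED lists are constructed for illustration.

```python
import ipaddress

def parse_entry(line):
    """Parse 'access-list N {permit|deny} {source [wildcard] | host addr | any}'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    number = int(tok[1])
    if not (1 <= number <= 99 or 1300 <= number <= 1999):
        raise ValueError(f"{number} is outside the standard ACL number ranges")
    spec = tok[3:]
    if spec == ["any"]:
        addr, wildcard = "0.0.0.0", "255.255.255.255"
    elif len(spec) == 2 and spec[0] == "host":
        addr, wildcard = spec[1], "0.0.0.0"
    elif len(spec) == 2:
        addr, wildcard = spec
    elif len(spec) == 1:                      # no wildcard given: exact host match
        addr, wildcard = spec[0], "0.0.0.0"
    else:
        raise ValueError(f"unsupported source specification: {line!r}")
    return tok[2], int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wildcard))

def evaluate(acl_lines, source_ip):
    """Return (action, matching entry) for the first entry that matches source_ip."""
    src = int(ipaddress.IPv4Address(source_ip))
    for line in acl_lines:
        action, addr, wildcard = parse_entry(line)
        care = ~wildcard & 0xFFFFFFFF         # wildcard bit 0 = must match, 1 = ignore
        if (src & care) == (addr & care):
            return action, line               # first match wins; later entries unseen
    return "deny", "implicit deny"            # every IOS ACL ends with an unlisted deny

# The ACL from step 4 of this lab.
LAB_ACL = ["access-list 1 deny 192.168.20.4 0.0.0.0", "access-list 1 permit any"]
# Constructed variants: a second deny entry placed after, then before, 'permit any'.
NEW_DENY = "access-list 1 deny 192.168.20.3 0.0.0.0"
APPENDED = LAB_ACL + [NEW_DENY]
REORDERED = [LAB_ACL[0], NEW_DENY, LAB_ACL[1]]

if __name__ == "__main__":
    for name, acl in (("lab", LAB_ACL), ("appended", APPENDED), ("reordered", REORDERED)):
        for ip in ("192.168.20.4", "192.168.20.3", "192.168.20.2"):
            print(f"{name:9} {ip:13} -> {evaluate(acl, ip)}")
```

In the APPENDED list the entry for 192.168.20.3 is never reached because "permit any" matches first, which is why entry order has to be checked with "show access-lists" after every change.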

6. See the configured access list of the router.

"show access-lists" is the command to see the configured access list of the router.

7. Add a new host to deny in the existing ACL.

If we want to add a new host AdminPC2 with IP address "192.168.20.3", we have to do the following configuration. First, we have to delete the command permit any with the following command.

Answer the following Questions.

Question 1: Write the exact commands to configure access-list to deny communication from host 192.168.20.3 on Student_Router1. Set the enable password as your first name and show the running configuration of the router. (Snapshot/s Required)

Question 2: (Change the Student_Router1 hostname as your first name_Router1). With "show access-lists", show the output of the given command on Student_Router1. What is the use of this command? (Snapshot/s Required)

Question 3: How will you ensure that AttackerPC1 is unable to access StudentPC1? (Snapshot/s Required)

Question 4: How will you ensure that StudentPC2 is still able to access StudentPC1? (Snapshot/s Required)

Attachment:- Packet Tracer.rar
