Wednesday, March 5, 2014

Configure IP ACLs to Mitigate Attacks

R1

!---- Task 2: Secure Access to Routers
!-- Step 1. Configure ACL 10 to block all remote access to the routers except from PC-C.
!
ciscoconpa55
enable
ciscoenpa55
config terminal
!
access-list 10 permit 192.168.3.3 0.0.0.0
!
!-- Step 2. Apply ACL 10 to ingress traffic on the VTY lines.
!

line vty 0 15
access-class 10 in
!
!-- Step 3. Verify exclusive access from management station PC-C.
!
!PC> ssh -l SSHadmin 192.168.2.1
!Open
!Password:ciscosshpa55
!
!SERVER> ssh -l SSHadmin 192.168.2.1
!
!% Connection refused by remote host
!
!---- Task 5: Create a Numbered IP ACL 120
!-- Step 2. Configure ACL 120 to specifically permit and deny the specified traffic.
!
exit
access-list 120 permit udp any host 192.168.1.3 eq domain
access-list 120 permit tcp any host 192.168.1.3 eq smtp
access-list 120 permit tcp any host 192.168.1.3 eq ftp
access-list 120 deny tcp any host 192.168.1.3 eq 443
access-list 120 permit tcp host 192.168.3.3 host 10.1.1.1 eq 22
!
!-- Step 3. Apply the ACL to interface S0/0/0.
!
interface s0/0/0
ip access-group 120 in
!
!---- Task 6: Modify An Existing ACL
!-- Step 2. Make any necessary changes to ACL 120 to permit and deny the specified traffic.
!
exit
access-list 120 permit icmp any any echo-reply
access-list 120 permit icmp any any unreachable
access-list 120 deny icmp any any
access-list 120 permit ip any any
!

--------------------------------------------------------------------------------------------------------------------------------------

R2


!---- Task 2: Secure Access to Routers
!-- Step 1. Configure ACL 10 to block all remote access to the routers except from PC-C.
!
ciscoconpa55
enable
ciscoenpa55
config terminal
!
access-list 10 permit 192.168.3.3 0.0.0.0
!
!-- Step 2. Apply ACL 10 to ingress traffic on the VTY lines.
!
line vty 0 15
access-class 10 in
!
!-- Step 3. Verify exclusive access from management station PC-C.
!

!PC> ssh -l SSHadmin 192.168.2.1
!Open
!Password:ciscosshpa55
!
!SERVER> ssh -l SSHadmin 192.168.2.1
!
!% Connection refused by remote host
!


--------------------------------------------------------------------------------------------------------------------------------------

R3


!---- Task 2: Secure Access to Routers
!-- Step 1. Configure ACL 10 to block all remote access to the routers except from PC-C.
!
ciscoconpa55
enable
ciscoenpa55
config terminal
!
access-list 10 permit 192.168.3.3 0.0.0.0
!
!-- Step 2. Apply ACL 10 to ingress traffic on the VTY lines.
!
line vty 0 15
access-class 10 in
!
!-- Step 3. Verify exclusive access from management station PC-C.
!
!PC> ssh -l SSHadmin 192.168.2.1
!Open
!Password:ciscosshpa55
!
!SERVER> ssh -l SSHadmin 192.168.2.1
!
!% Connection refused by remote host
!
!---- Task 3: Create a Numbered IP ACL 100
!-- Step 1. Configure ACL 100 to block all specified traffic from the outside network.
!
exit
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 deny ip 224.0.0.0 15.255.255.255 any
access-list 100 permit ip any any
!
!-- Step 2. Apply the ACL to interface Serial 0/0/1.
!
interface s0/0/1
ip access-group 100 in
!
!-- Step 4. Remove the ACL from interface Serial 0/0/1.
!
interface s0/0/1
no ip access-group 100 in
!
!---- Task 4: Create a Numbered IP ACL 110
!-- Step 1. Configure ACL 110 to permit only traffic from the inside network.
!
exit
access-list 110 permit ip 192.168.3.0 0.0.0.255 any
!
!-- Step 2. Apply the ACL to interface F0/1.
!
interface fa0/1
ip access-group 110 in
!
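Added example, not part of the lab or its Packet Tracer files: a small Python evaluator that parses the numbered ACL lines above (ACL 120 before and after Task 6, and R3's ACL 100) and applies IOS first-match semantics with the implicit deny, so you can see why Task 6 had to add the ICMP entries (before them, echo-replies entering S0/0/0 matched nothing and were dropped) and which source ranges ACL 100's wildcard masks actually cover. It assumes the simplified syntax used in this lab (`any`, `host`, address plus contiguous wildcard, optional `eq port` or ICMP type keyword) and a constructed packet dict format of `proto`, `src`, `dst`, optional destination `port` and `icmp` type.

```python
import ipaddress
# Constructed evaluator (not part of the lab) for the ACL lines above: first
# match wins, and an unmatched packet hits the implicit deny. Wildcard masks
# are assumed contiguous, as all of the lab's are.
PORTS = {"domain": 53, "smtp": 25, "ftp": 21}

def _addr(tokens):
    # Consume "any", "host A.B.C.D" or "A.B.C.D wildcard" and return a network.
    tok = tokens.pop(0)
    if tok in ("any", "host"):
        return ipaddress.ip_network("0.0.0.0/0" if tok == "any" else tokens.pop(0) + "/32")
    mask = ".".join(str(255 - int(o)) for o in tokens.pop(0).split("."))  # invert wildcard
    return ipaddress.ip_network(f"{tok}/{mask}", strict=False)

def parse_ace(line):
    # "access-list N permit|deny proto src dst [eq port | icmp-type]"
    t = line.split()
    action, proto, rest = t[2], t[3], t[4:]
    src, dst = _addr(rest), _addr(rest)
    port = icmp = None
    if rest[:1] == ["eq"]:
        port = int(rest[1]) if rest[1].isdigit() else PORTS[rest[1]]
    elif rest and proto == "icmp":
        icmp = rest[0]
    return action, proto, src, dst, port, icmp

def evaluate(acl, pkt):
    # pkt: {"proto", "src", "dst"} plus optional destination "port" and "icmp" type.
    s, d = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    for action, proto, src, dst, port, icmp in map(parse_ace, acl):
        if (proto in ("ip", pkt["proto"]) and s in src and d in dst
                and port in (None, pkt.get("port")) and icmp in (None, pkt.get("icmp"))):
            return action
    return "deny"  # implicit deny at the end of every IOS ACL

ACL_120_TASK5 = """access-list 120 permit udp any host 192.168.1.3 eq domain
access-list 120 permit tcp any host 192.168.1.3 eq smtp
access-list 120 permit tcp any host 192.168.1.3 eq ftp
access-list 120 deny tcp any host 192.168.1.3 eq 443
access-list 120 permit tcp host 192.168.3.3 host 10.1.1.1 eq 22""".splitlines()
ACL_120_TASK6 = ACL_120_TASK5 + """access-list 120 permit icmp any any echo-reply
access-list 120 permit icmp any any unreachable
access-list 120 deny icmp any any
access-list 120 permit ip any any""".splitlines()
ACL_100 = """access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 deny ip 224.0.0.0 15.255.255.255 any
access-list 100 permit ip any any""".splitlines()
```

For example, `evaluate(ACL_120_TASK5, {"proto": "icmp", "src": "192.168.3.3", "dst": "192.168.1.3", "icmp": "echo-reply"})` returns `"deny"` while the same call against `ACL_120_TASK6` returns `"permit"`.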