LAB Access-list

  • November 2019

Using wildcard masks

  • To support a filtering and management mechanism, we need a proper IP assignment scheme.
  • We tend to divide network elements into two groups:
    – Key devices: routers, switches, servers, hubs, ...
    – Normal stations: PCs, laptops, IP phones, ...
  • We need to apply different policies to these two groups, so the wildcard mask must be able to distinguish them.

Using wildcard masks

  • We may divide the network's IP range into two halves, the lower half for key devices and the higher half for normal stations, then use the highest bit of the host portion to filter.
  • E.g. subnet 210.13.22.64/27 (5 host bits); check the 28th bit:
    – Key devices half: 210.13.22.65 – 210.13.22.79; filter: 210.13.22.64 0.0.0.15
    – Normal stations half: 210.13.22.80 – 210.13.22.94; filter: 210.13.22.80 0.0.0.15
  • In the network there are team A and team B; all team A hosts have odd IP numbers and all team B hosts have even IP numbers. How do we filter traffic from each team?
    – Team A: 210.13.22.65 0.0.0.14
    – Team B: 210.13.22.64 0.0.0.14
    – Check: a wildcard of 0.0.0.14 (binary 00001110) frees only the bits worth 2, 4 and 8, so the bit worth 16 still has to match the base address and these entries cover only .64–.79, the key-devices half. To match odd or even hosts across the whole /27 (.64–.95), free the bit worth 16 as well: 210.13.22.65 0.0.0.30 for team A and 210.13.22.64 0.0.0.30 for team B.
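The wildcard arithmetic above, as an added example that is not part of the lab slides. It implements Cisco-style wildcard matching (a 0 bit must match, a 1 bit is "don't care"), computes the lower/upper-half and odd/even filters for any subnet rather than only 210.13.22.64/27, and enumerates which hosts a given entry actually matches, which is how the 0.0.0.14 versus 0.0.0.30 difference shows up. The `standard_ace` renderer and the access-list number 10 are illustrative assumptions.

```python
# Added example: Cisco-style wildcard-mask arithmetic for standard ACLs.
# Not from the lab slides; ACL number 10 below is an arbitrary choice.
import ipaddress
from typing import List, Tuple


def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def int_to_ip(n: int) -> str:
    return str(ipaddress.IPv4Address(n))


def wildcard_match(host: str, acl_addr: str, wildcard: str) -> bool:
    """Wildcard semantics: wildcard bit 0 = must match, bit 1 = don't care."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(host) & care) == (ip_to_int(acl_addr) & care)


def matching_hosts(network: str, acl_addr: str, wildcard: str) -> List[str]:
    """Usable host addresses of `network` matched by the entry `acl_addr wildcard`."""
    net = ipaddress.IPv4Network(network)
    return [str(h) for h in net.hosts() if wildcard_match(str(h), acl_addr, wildcard)]


def half_filters(network: str) -> Tuple[Tuple[str, str], Tuple[str, str]]:
    """Split a subnet on its highest host bit.

    Returns ((addr, wildcard) for the lower half, (addr, wildcard) for the upper half).
    For 210.13.22.64/27 this is the slides' 0.0.0.15 pair.
    """
    net = ipaddress.IPv4Network(network)
    host_bits = 32 - net.prefixlen
    half = 1 << (host_bits - 1)          # value of the highest host bit
    wc = int_to_ip(half - 1)             # don't care about every lower host bit
    base = int(net.network_address)
    return (int_to_ip(base), wc), (int_to_ip(base + half), wc)


def parity_filter(network: str, odd: bool) -> Tuple[str, str]:
    """Match all odd (or even) hosts of a subnet with one entry.

    The wildcard frees every host bit except the least significant one, so the
    network bits and the parity bit are the only bits that must match.
    """
    net = ipaddress.IPv4Network(network)
    host_bits = 32 - net.prefixlen
    wc = int_to_ip(((1 << host_bits) - 1) & ~1)
    base = int(net.network_address) + (1 if odd else 0)
    return int_to_ip(base), wc


def standard_ace(number: int, action: str, addr: str, wc: str) -> str:
    """Render one standard numbered ACL line in IOS syntax (illustrative)."""
    return f"access-list {number} {action} {addr} {wc}"


if __name__ == "__main__":
    subnet = "210.13.22.64/27"
    low, high = half_filters(subnet)
    print("key devices   :", standard_ace(10, "permit", *low))
    print("normal stations:", standard_ace(10, "permit", *high))
    # The slides' team A entry only reaches the lower half:
    print("0.0.0.14 matches", len(matching_hosts(subnet, "210.13.22.65", "0.0.0.14")), "odd hosts")
    print("0.0.0.30 matches", len(matching_hosts(subnet, *parity_filter(subnet, odd=True))), "odd hosts")
```

Run it as a script to see the rendered entries and the host counts; `matching_hosts` is the check worth running on any hand-written wildcard before it goes into a production ACL.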

Using wildcard masks

[Topology figure: routers R_A, R_B, R_C, R_D and R_E linked by serial (S0) and Ethernet (E0, E1, F0/0) interfaces; the Engineering network 198.6.23.16/28; a Web Server and a File Server.]

  • In the Engineering network: 198.6.23.16/28
    – Prevent all stations from telnetting to any key network device.
    – All stations are only allowed to FTP to the File Server and to access the web on the Web Server.
    – The File Server offers only the FTP service, and only to the inner network and the Web Server.
  • All stations in all Ethernet networks are not allowed to telnet to any router.

ACL Challenge

[Topology figure: routers R1, R2 and R3; networks 220.16.30.0/24 and 192.168.10.0/24 with subnets Net1 (.32), Net2 (.64) and Net3 (.96); hosts PC1 (.48), PC2, PC3 (.80) and the Web Server (.66).]

  • The outer network can't ping into the inner network.
  • Do not allow the outer network to access the inner network with TCP traffic.
  • Hosts in Net1 are not allowed to access Net3.
  • The Web Server (.66) is available to all users within the inner network (web only).
  • Packets between PC1 (.48) and PC3 (.80) are only allowed if routed across the direct serial link.
  • Telnet to routers is allowed only from PC1.
  • Net2 and Net3 can go freely to the outer network; Net1 can only go out by web.
  • All other kinds of traffic are allowed.
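A small first-match evaluator for extended-ACL-style rules, added here as an example for checking answers to the ACL Challenge; it is not part of the lab and not a reference solution. It assumes 192.168.10.0/24 is the inner network (Net1 .32/27, Net2 .64/27, Net3 .96/27, Web Server 192.168.10.66) and 220.16.30.0/24 is the outer network; the figure does not label which is which. It models two of the requirements: the inbound rules facing the outer network (no ping in, no TCP in, everything else allowed) and the "web only" rule for the Web Server. The `established` entry is my design choice, not something the slide asks for: a literal "deny all TCP from outside" would also drop the replies to sessions that Net2 and Net3 are allowed to open outward, so the entry lets TCP segments with ACK/RST set back in. The `to_ios` renderer and the ACL names are illustrative.

```python
# Added example: first-match evaluation of extended ACL entries, used to check
# rules for the ACL Challenge. Not from the lab slides. ASSUMED: inner network
# 192.168.10.0/24, outer network 220.16.30.0/24, Web Server 192.168.10.66.
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


def _i(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(host: str, acl_addr: str, wildcard: str) -> bool:
    care = ~_i(wildcard) & 0xFFFFFFFF
    return (_i(host) & care) == (_i(acl_addr) & care)


@dataclass
class ACE:
    """One access-control entry: action proto src src_wc dst dst_wc [eq dport] [established]."""
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" (any protocol), "tcp", "udp" or "icmp"
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dport: Optional[int] = None  # destination port, like IOS "eq <port>"
    established: bool = False    # only TCP segments with ACK or RST set (return traffic)

    def matches(self, pkt: dict) -> bool:
        if self.proto != "ip" and pkt["proto"] != self.proto:
            return False
        if not wildcard_match(pkt["src"], self.src, self.src_wc):
            return False
        if not wildcard_match(pkt["dst"], self.dst, self.dst_wc):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.established and not pkt.get("ack", False):
            return False
        return True


def evaluate(acl: List[ACE], pkt: dict) -> str:
    """First matching entry decides; every ACL ends with an implicit 'deny ip any any'."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


ANY = ("0.0.0.0", "255.255.255.255")


def host(addr: str):
    return (addr, "0.0.0.0")


# Inbound on the interface facing the outer network (assumed 220.16.30.0/24).
OUTER_IN = [
    ACE("deny", "icmp", *ANY, "192.168.10.0", "0.0.0.255"),
    ACE("permit", "tcp", *ANY, "192.168.10.0", "0.0.0.255", established=True),  # replies only
    ACE("deny", "tcp", *ANY, "192.168.10.0", "0.0.0.255"),
    ACE("permit", "ip", *ANY, *ANY),  # "all other kinds of traffic are allowed"
]

# Toward the Web Server: web only, and only from the inner network.
WEB_IN = [
    ACE("permit", "tcp", "192.168.10.0", "0.0.0.255", *host("192.168.10.66"), dport=80),
    ACE("deny", "ip", *ANY, *host("192.168.10.66")),
    ACE("permit", "ip", *ANY, *ANY),
]


def _addr(addr: str, wc: str) -> str:
    if (addr, wc) == ANY:
        return "any"
    if wc == "0.0.0.0":
        return f"host {addr}"
    return f"{addr} {wc}"


def to_ios(name: str, acl: List[ACE]) -> str:
    """Render the entries in IOS named-ACL syntax (illustrative, for reading the rule set)."""
    lines = [f"ip access-list extended {name}"]
    for e in acl:
        line = f" {e.action} {e.proto} {_addr(e.src, e.src_wc)} {_addr(e.dst, e.dst_wc)}"
        if e.dport is not None:
            line += f" eq {e.dport}"
        if e.established:
            line += " established"
        lines.append(line)
    return "\n".join(lines)


# Constructed sample packets (not captures): name -> packet fields.
SAMPLE_PACKETS: Dict[str, dict] = {
    "outer ping PC1":      {"proto": "icmp", "src": "220.16.30.5", "dst": "192.168.10.48"},
    "outer ssh PC1":       {"proto": "tcp", "src": "220.16.30.5", "dst": "192.168.10.48", "dport": 22},
    "outer reply to PC3":  {"proto": "tcp", "src": "220.16.30.5", "dst": "192.168.10.80", "dport": 40000, "ack": True},
    "outer dns to Net1":   {"proto": "udp", "src": "220.16.30.5", "dst": "192.168.10.48", "dport": 53},
    "PC1 http to Web":     {"proto": "tcp", "src": "192.168.10.48", "dst": "192.168.10.66", "dport": 80},
    "PC1 ssh to Web":      {"proto": "tcp", "src": "192.168.10.48", "dst": "192.168.10.66", "dport": 22},
    "outer http to Web":   {"proto": "tcp", "src": "220.16.30.5", "dst": "192.168.10.66", "dport": 80},
}


def run_checks() -> Dict[str, str]:
    """Decision of the relevant ACL for each sample packet."""
    return {name: evaluate(OUTER_IN if name.startswith("outer") and "Web" not in name else WEB_IN, pkt)
            for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    print(to_ios("OUTER_IN", OUTER_IN))
    print(to_ios("WEB_IN", WEB_IN))
    for name, decision in run_checks().items():
        print(f"{name:22s} -> {decision}")
```

Entry order is what the evaluator is for: moving the `permit ip any any` above the web-server deny would silently open the server to every port, and the implicit deny at the end is why the "all other traffic is allowed" requirement needs an explicit final permit.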

LAB Topology

[Topology figure: routing labels "Static" and "IGRP 88".]

REQUIREMENTS:
  – In each network, normal stations take the upper IP range and key devices take the lower IP range.
  – Allow all hosts to access the Internet, except by FTP.
  – Allow the entire Ethernet network attached to RD full access to the Proxy Server and the Mail Server.
  – Allow public access to the web site on the Mail Server but not to any other service on it.
  – Only stations attached to RE are allowed to telnet to routers.
  – Allow all hosts on the internal network to use FTP, telnet, HTTP and DNS, and no other services.
  – Disallow all other access.
