03-22-2020 06:44 PM
Hi, I'm trying to configure two access-lists for a learning exercise but I can't fully understand the topic.
The assignment is to configure access-lists in a way that PC0 can only access the FTP server and PC1 can only access the DNS server (Note: the servers are just symbolic, they don't need to be configured).
My problem is that I don't know where to put the access-lists, whether it is in the PC routers, the central router or the switch router. I even thought about making VLANs in the switch and then introducing the list in there but that seems impossible.
I appreciate any kind of help or advice, thank you.
Labels: Network Management
Accepted Solutions
03-24-2020 06:01 PM
Okay, I was told how to do it.
Another user answered with an extended ACL but I had to do it with standard, so I had to implement VLANs and subinterfaces in R3.
Anyways, here's the solution file and thank you for passing by.
03-23-2020 03:24 PM
Hi,
It is a good practice to do filtering as close as possible to the equipment.
You should put the ACL on the routers which are directly linked to the PCs.
To be more precise, on the Fa0/0 interconnection interface.
03-23-2020 04:28 PM
03-23-2020 04:35 PM
Ok, I tried to evaluate the logic behind what you said but I don't seem to comprehend it. How will putting the ACL in the equipment routers prevent the PCs from accessing the server that isn't theirs?
03-24-2020 05:44 AM - edited 03-24-2020 05:46 AM
You can do that:
Router0
ip access-list extended PC0
 ! "host" matches exactly one address (same as wildcard 0.0.0.0)
 permit tcp host 192.168.4.2 host 192.168.1.2 eq ftp
 deny ip any any
interface Fa0/0
 ip access-group PC0 in
Router1
ip access-list extended PC1
 permit udp host 192.168.6.2 host 192.168.1.3 eq domain
 deny ip any any
interface Fa0/0
 ip access-group PC1 in
In this way, the ACL will filter as close as possible to the PCs.
The PCs will only be able to access their server.
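An added example, not part of the thread or anyone's posted configuration: a small Python model of how an inbound extended ACL is evaluated (first match wins, wildcard bits set to 1 are ignored, implicit deny at the end), using the thread's addresses. It shows why a source entry needs `host` (wildcard 0.0.0.0) rather than 255.255.255.255; the second host 192.168.4.9 and all function names are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def wc_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

@dataclass
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "ip" (ip matches any protocol)
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dport: Optional[int] = None  # None = any destination port

    def matches(self, proto, src, dst, dport):
        return (self.proto in ("ip", proto)
                and wc_match(src, self.src, self.src_wc)
                and wc_match(dst, self.dst, self.dst_wc)
                and (self.dport is None or self.dport == dport))

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for ace in acl:
        if ace.matches(proto, src, dst, dport):
            return ace.action
    return "deny"

HOST, ANY = "0.0.0.0", "255.255.255.255"
# Addresses from the thread: PC0 192.168.4.2, FTP 192.168.1.2, DNS 192.168.1.3
PC0_ACL = [Ace("permit", "tcp", "192.168.4.2", HOST, "192.168.1.2", HOST, 21),
           Ace("deny", "ip", "0.0.0.0", ANY, "0.0.0.0", ANY)]
# Same rule, but with 255.255.255.255 used as the source wildcard
LOOSE_ACL = [Ace("permit", "tcp", "192.168.4.2", ANY, "192.168.1.2", HOST, 21),
             Ace("deny", "ip", "0.0.0.0", ANY, "0.0.0.0", ANY)]

def demo():
    return {
        "pc0_ftp": evaluate(PC0_ACL, "tcp", "192.168.4.2", "192.168.1.2", 21),
        "pc0_dns": evaluate(PC0_ACL, "udp", "192.168.4.2", "192.168.1.3", 53),
        "other_ftp_strict": evaluate(PC0_ACL, "tcp", "192.168.4.9", "192.168.1.2", 21),
        "other_ftp_loose": evaluate(LOOSE_ACL, "tcp", "192.168.4.9", "192.168.1.2", 21),
    }

if __name__ == "__main__":
    print(demo())
```

The model only checks the destination port 21 that `eq ftp` stands for; it does not model FTP data connections or return traffic.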
03-24-2020 06:01 PM
