Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2722
Views
0
Helpful
5
Replies

Access-lists in a simple configuration

Go to solution
Marco_Cordero
Level 1
Level 1

‎03-22-2020 06:44 PM

Hi, I'm trying to configure two access-lists for a learning exercise but I can't fully understand the topic.

The assignment is two configure access-lists in a way that PC0 can only access FTP server and PC1 can only access DNS server (Note: the servers are just symbolic, they aren't needed to be configured).

 

My problem is that I don't know where to put the access-lists, wheter is in the PC routers, the central router or the switch router. I even thought about making vlans in the switch and then introducing the list in there but that seems impossible.

 

I appreciate any kind of help or  advice, thank you.

Labels:
acl.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marco_Cordero
Level 1
Level 1

‎03-24-2020 06:01 PM

Okay, I was told how to do it.

Another user answered with extended acl but I had to do it with standard, so, I had to implement VLAN's and subinterfaces in R3.

Anyways, here's the solution file and thank you for passing by.

View solution in original post

solution.zip
0 Helpful
5 Replies 5

Go to solution
Quentin Gabrel
Level 1
Level 1

‎03-23-2020 03:24 PM

Hi,

 

It is a good practice to do filtering as close as possible to the equipment.
You should put the acl on the routers which are directly linked to PCs.
To be more precise, on the Fa0/0 interconnection interface.

0 Helpful

Go to solution
Marco_Cordero
Level 1
Level 1
In response to Quentin Gabrel

‎03-23-2020 04:28 PM

I'll try it, thanks!
0 Helpful

Go to solution
Marco_Cordero
Level 1
Level 1
In response to Quentin Gabrel

‎03-23-2020 04:35 PM

Ok, I tried to evaluate the logic behind what you said but I don't seem to comprehend it. How does putting the acl in the equipment routers will prevent the PC's from accesing the server that isn't theirs?

0 Helpful

Go to solution
Quentin Gabrel
Level 1
Level 1
In response to Marco_Cordero

‎03-24-2020 05:44 AM - edited ‎03-24-2020 05:46 AM

You can do that :

 

Router0

 

ip access-list extented PC0

permit tcp 192.168.4.2 255.255.255.255 192.168.1.2 eq ftp

deny ip any any

 

interface Fa0/0

ip access-group PC0 in

 

Router1

 

ip access-list extented PC1

permit udp 192.168.6.2 255.255.255.255 192.168.1.3 eq domain

deny ip any any

 

interface Fa0/0

ip access-group PC1 in

 

In this way, acl will filter as close as possible to PC's.
PC's will only be able to access their server

0 Helpful

Go to solution
Marco_Cordero
Level 1
Level 1

‎03-24-2020 06:01 PM

Okay, I was told how to do it.

Another user answered with extended acl but I had to do it with standard, so, I had to implement VLAN's and subinterfaces in R3.

Anyways, here's the solution file and thank you for passing by.

solution.zip
0 Helpful
Customers Also Viewed These Support Documents
Top