Creating ACLs

onel.riveron
Level 1

Hi all,

I'm very new to all this. In fact, this is my first class ever in routing. As you can probably guess, I'm loving it, but as much as I'm loving it, I'm also hitting many bumps.

I have a lab due and I need to design an ACL that blocks Telnet access from anywhere, however, it allows Telnet to 2 specific hosts in the diagram.

I have Router B with interface F0/1 and F0/0.

The ACL has to block Telnet access from everything to the host in Router B, interface F0/0. But access has to be allowed to 2 hosts in Router A, interface F0/1.

Host in Router B has IP 10.0.85.45.

Hosts in Router A have IP 10.0.180.55, 10.0.180.119, WC for those 2 hosts is 0.0.0.32.

All help will be greatly appreciated.

Thanks!!!

4 Replies

mpellegrino12
Level 1

Not sure I really understand your question. 

John and Kevin need telnet access to which router?

You said all other telnet access needs to be denied, but then only mention Leo computer. What exactly is being denied?

If you post the exact questions on that paper, I can help you out.

I'm sorry. I wrote it all kind of in a hurry.

This is what I'm being asked to do:

Develop and implement an ACL that accomplishes the following:

-Grants Kevin and John access to leo's Telnet server, and

-Grants Alicia and Michael access to Mary's Telnet server, and

-Denies hosts on Kevin's and John's subnet indirect access of any kind, except above

-Denies hosts on Alicia's and Michael's subnet indirect access of any kind, except above

-Allows all other communications

Looking at the diagram, what I understand is that I have to develop an ACL that allows communication to Leo's Telnet server only from Kevin and John.

Then whoever manages the other router would develop an ACL that grants access to Mary's Telnet server only from Alicia and Michael.

This is what I have come up with:

In Router B

 ip access-list extended BlockTelnet
 permit tcp 10.0.180.55 0.0.0.64 any
 deny tcp 0.0.0.0 0.0.0.64 any
 remark Allows Telnet access to Leo only from Kevin & John

To get you started, here are the commands to allow telnet FROM hosts John and Kevin TO Leo; you can use these ACL entries:

! Allow John telnet access to Leo
access-list 100 permit tcp host 10.0.180.55 host 10.0.85.45 eq telnet
! Allow Kevin telnet access to Leo
access-list 100 permit tcp host 10.0.180.119 host 10.0.85.45 eq telnet
! Deny all other host telnet access to Leo
access-list 100 deny tcp 10.0.128.0 0.0.127.255 host 10.0.85.45 eq telnet
! Allow all other traffic
access-list 100 permit ip any any

Where:
TCP is the protocol of telnet
host 10.0.180.x (the first IP address) is the source of the traffic
host 10.0.85.45 is the destination (telnet server)
eq telnet is the destination port/service (23)

ACLs should be placed closest to the source of the traffic you want to filter. So apply this to the interface on Router A LAN interfaces:

int fa0/0
ip access-group 100 in
int fa0/1
ip access-group 100 in

*** You need more than this; this is one set of permit rules only. This is your lesson/study, so use my template and create the other rules you need to block traffic on the other router (Router B).

I don't understand the requirement of 'Denies hosts on Kevin's and John's subnet indirect access of any kind, except above' followed by 'Allows all other communications'. Can you explain more? These sound like they contradict each other. You may need more deny rules before the final permit rule, but from the description I can't work out what you need.

Regards,

Ben
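As an added example (not code from anyone in the thread), the following Python models Cisco wildcard-mask matching and first-match ACL evaluation, then runs Ben's access-list 100 over a few constructed flows so you can see which telnet sessions to Leo (10.0.85.45) get through and which are dropped. The source addresses 10.0.180.200 and the extra ports are constructed sample values, not hosts from the lab diagram.

```python
# Added example, not from the thread: a small evaluator for Cisco-style
# extended ACL entries, to check what access-list 100 above does to flows.
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 1 bit means 'don't care' for that position."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a | w) == (b | w)

# Entries as (action, proto, src, src_wc, dst, dst_wc, dst_port); None = any port.
# 'host X' is X with wildcard 0.0.0.0; 'any' is 0.0.0.0 with wildcard 255.255.255.255.
ACL_100 = [
    ("permit", "tcp", "10.0.180.55", "0.0.0.0", "10.0.85.45", "0.0.0.0", 23),
    ("permit", "tcp", "10.0.180.119", "0.0.0.0", "10.0.85.45", "0.0.0.0", 23),
    ("deny", "tcp", "10.0.128.0", "0.0.127.255", "10.0.85.45", "0.0.0.0", 23),
    ("permit", "ip", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255", None),
]

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    for action, p, s, swc, d, dwc, port in acl:
        if p != "ip" and p != proto:
            continue
        if not (wildcard_match(src, s, swc) and wildcard_match(dst, d, dwc)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"  # implicit 'deny ip any any'

# Constructed sample flows (proto, src, dst, dst port); 10.0.180.200 is made up.
SAMPLE_FLOWS = [
    ("tcp", "10.0.180.55", "10.0.85.45", 23),    # John -> Leo telnet: permit
    ("tcp", "10.0.180.119", "10.0.85.45", 23),   # Kevin -> Leo telnet: permit
    ("tcp", "10.0.180.200", "10.0.85.45", 23),   # other host -> Leo telnet: deny
    ("tcp", "10.0.180.200", "10.0.85.45", 80),   # other host -> Leo web: permit
    ("udp", "10.0.180.200", "10.0.85.45", 53),   # other host -> Leo DNS: permit
]

def evaluate_samples():
    return [evaluate(ACL_100, *flow) for flow in SAMPLE_FLOWS]

if __name__ == "__main__":
    for flow, result in zip(SAMPLE_FLOWS, evaluate_samples()):
        print(flow, "->", result)
```

The same wildcard_match function also shows why the earlier `deny tcp 0.0.0.0 0.0.0.64 any` entry never matches a 10.0.x.x source: with base 0.0.0.0, a 0.0.0.64 wildcard covers only the addresses 0.0.0.0 and 0.0.0.64.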

onel.riveron
Level 1

Thank you all for replying. I finally got this thing to work and the teacher went over it with me.
