Beginner

Can someone please check my ACL configuration

  1. For VLAN 105, configure only NAMED Standard and NAMED Extended ACLs, based on the following requirements:
    i) PCs in VLAN 105 only are permitted HTTP access to Web Server A and denied ALL other access to Web Server A
    ii) PCs in VLAN 105 are denied ALL access to Web Server B
    iii) PCs in VLAN 105 are denied TELNET access to Red router
    iv) PCs in VLAN 105 are permitted TELNET access to Blue router (I didn't configure this because I'm unsure whether I have to configure this on the Red Router or on the Blue Router)
    v) All PCs in all VLANs permitted ALL access to "The Internet" and Database Server LAN

 

Can someone please see if I have configured the ACLs correctly? Also, please tell me where to configure (iv). I have attached images of my topology with web server IP addresses as well. Any help would be much appreciated, thank you.

ACL105 - 192.168.2.0/25

 

-----------Red Router---------------------------

!
spanning-tree mode pvst
!
interface GigabitEthernet0/0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/1.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.254 255.255.254.0
!
interface GigabitEthernet0/0/1.105
 encapsulation dot1Q 105
 ip address 192.168.2.126 255.255.255.128
 ip helper-address 192.168.2.153
 ip access-group ACLVLAN105 in
!
interface GigabitEthernet0/0/1.305
 encapsulation dot1Q 305
 ip address 192.168.2.142 255.255.255.240
!
interface Serial0/1/0
 ip address 192.168.2.154 255.255.255.252
 encapsulation frame-relay ietf
 frame-relay map ip 192.168.2.154 115
!
interface Serial0/1/0.115 point-to-point
 no ip address
 clock rate 2000000
 shutdown
!
interface Serial0/1/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 10
 passive-interface GigabitEthernet0/0/1
 network 192.168.0.0 0.0.1.255
 network 192.168.2.0 0.0.0.127
 network 192.168.2.128 0.0.0.15
 network 192.168.2.144 0.0.0.7
 network 192.168.2.152 0.0.0.3
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.153
!
ip flow-export version 9
!
ip access-list standard ACLTELNET
 deny 192.168.2.0 0.0.0.127
 permit any
ip access-list extended ACLVLAN105
 permit tcp 192.168.2.0 0.0.0.127 host 140.0.0.1 eq www
 deny ip 192.168.2.0 0.0.0.127 host 140.0.0.1
 deny ip 192.168.2.0 0.0.0.127 host 135.0.0.35
 permit tcp 192.168.2.0 0.0.0.127 host 192.168.2.153 eq telnet
 permit ip any host 150.0.0.2
 permit ip any host 192.168.2.145
 permit ip any any
!
line con 0
 exec-timeout 0 0
 logging synchronous
!
line aux 0
!
line vty 0 4
 access-class ACLTELNET in
 password cisco
 login
!
end
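A first-match walk through the posted ACLVLAN105, as an added example that is not part of the original post: it parses the seven entries exactly as written and reports which entry decides a given flow. The source host 192.168.2.10 is a constructed sample address inside 192.168.2.0/25, and the parser handles only the address forms and the `www`/`telnet` port keywords that appear in the post.

```python
import ipaddress

# ACLVLAN105 entries copied verbatim from the Red router configuration in the post.
ACLVLAN105 = """\
permit tcp 192.168.2.0 0.0.0.127 host 140.0.0.1 eq www
deny ip 192.168.2.0 0.0.0.127 host 140.0.0.1
deny ip 192.168.2.0 0.0.0.127 host 135.0.0.35
permit tcp 192.168.2.0 0.0.0.127 host 192.168.2.153 eq telnet
permit ip any host 150.0.0.2
permit ip any host 192.168.2.145
permit ip any any
"""
PORTS = {"www": 80, "telnet": 23}  # only the port keywords the post uses

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        dport = PORTS[tok[1]] if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, dport))
    return rules

def _hit(spec, ip):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(rules, proto, src, dst, dport=None):
    """First match wins; ('deny', None) means only the implicit deny applied."""
    for n, (action, rproto, rsrc, rdst, rport) in enumerate(rules, 1):
        if rproto in ("ip", proto) and _hit(rsrc, src) and _hit(rdst, dst) \
                and rport in (None, dport):
            return action, n
    return "deny", None

RULES = parse(ACLVLAN105)
PC = "192.168.2.10"  # constructed sample host inside 192.168.2.0/25
if __name__ == "__main__":  # telnet to the Red router's own VLAN 105 address
    print(evaluate(RULES, "tcp", PC, "192.168.2.126", 23))
```

Flows that fall past entries 4 to 6 get the same result from entry 7 (`permit ip any any`), and telnet to 192.168.2.126 is permitted by this ACL, so in the posted configuration only `access-class ACLTELNET in` on the vty lines decides it.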

 

 

VIP Advisor

Re: Can someone please check my ACL configuration

Hi @Bimsara 

 

Compress your exercise (WinZip) with your progress and attach it so it can be checked.

Regards

Beginner

Re: Can someone please check my ACL configuration

I have attached the pkt tracer file, thank you
Beginner

Re: Can someone please check my ACL configuration

If possible, can you please check my NAT configuration as well, because show ip NAT translations shows nothing.
Beginner

Re: Can someone please check my ACL configuration

 