Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
936
Views
0
Helpful
4
Replies

Can someone please check my ACL configuration

Bimsara
Level 1
Level 1

‎11-10-2019 03:45 AM - edited ‎11-10-2019 06:05 AM

  1. For VLAN 105, configure only NAMED Standard and NAMED Extended ACLs, based on the following requirements:
    1. PCs in VLAN 105 only are permitted HTTP access to Web Server A and denied ALL other access to Web Server A
    2. PCs in VLAN 105 are denied ALL         access to Web Server B
  • PCs in VLAN 105 are denied TELNET access to Red router
  • iv) PCs in VLAN 105 are permitted TELNET access to Blue router (I didnt configure this becuase im unsure whether if i have to configure this on the Red Router or in the Blue Router)
  1. v) All PCs in all VLANs permitted   ALL         access to “The Internet” and Database Server LAN

 

Can someone please see if i have configured the ACLs correctly also please tell me where to configure (iv) , i have attached images of my topology with web server ip addresses as well, any help would be much appreciated, thank you.

 

ACL105 - 192.168.2.0/ 25

 

-----------Red Router---------------------------

 

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface GigabitEthernet0/0/0

no ip address

duplex auto

speed auto

shutdown

!

interface GigabitEthernet0/0/1

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/0/1.1

encapsulation dot1Q 1 native

ip address 192.168.1.254 255.255.254.0

!

interface GigabitEthernet0/0/1.105

encapsulation dot1Q 105

ip address 192.168.2.126 255.255.255.128

ip helper-address 192.168.2.153

ip access-group ACLVLAN105 in

!

interface GigabitEthernet0/0/1.305

encapsulation dot1Q 305

ip address 192.168.2.142 255.255.255.240

!

interface Serial0/1/0

ip address 192.168.2.154 255.255.255.252

encapsulation frame-relay ietf

frame-relay map ip 192.168.2.154 115

!

interface Serial0/1/0.115 point-to-point

no ip address

clock rate 2000000

shutdown

!

interface Serial0/1/1

no ip address

clock rate 2000000

shutdown

!

interface Vlan1

no ip address

shutdown

!

router eigrp 10

passive-interface GigabitEthernet0/0/1

network 192.168.0.0 0.0.1.255

network 192.168.2.0 0.0.0.127

network 192.168.2.128 0.0.0.15

network 192.168.2.144 0.0.0.7

network 192.168.2.152 0.0.0.3

 

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.2.153

!

ip flow-export version 9

!

!

ip access-list standard ACLTELNET

deny 192.168.2.0 0.0.0.127

permit any

ip access-list extended ACLVLAN105

permit tcp 192.168.2.0 0.0.0.127 host 140.0.0.1 eq www

deny ip 192.168.2.0 0.0.0.127 host 140.0.0.1

deny ip 192.168.2.0 0.0.0.127 host 135.0.0.35

permit tcp 192.168.2.0 0.0.0.127 host 192.168.2.153 eq telnet

permit ip any host 150.0.0.2

permit ip any host 192.168.2.145

permit ip any any

!

!

!

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

!

line aux 0

!

line vty 0 4

access-class ACLTELNET in

password cisco

login

!

!

!

end

 

 

Preview file
22 KB
Preview file
40 KB
Practice2.zip
0 Helpful
4 Replies 4

luis_cordova
VIP Alumni
VIP Alumni

‎11-10-2019 04:50 AM

Hi @Bimsara 

 

Compress your exercise (winzip) with your progress and attach it to check

Regards

0 Helpful

Bimsara
Level 1
Level 1
In response to luis_cordova

‎11-10-2019 06:05 AM

I have attached the pkt tracer file, thank you
0 Helpful

Bimsara
Level 1
Level 1
In response to luis_cordova

‎11-10-2019 06:09 AM

If possible can you please check my NAT configuration as well, because show ip NAT translations show nothing
0 Helpful

Bimsara
Level 1
Level 1

‎11-10-2019 06:06 AM - edited ‎11-10-2019 06:07 AM

 
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card