Ccna-lab-sim (CCNA Access List Sim 2 )


Page 1: Ccna-lab-sim (CCNA Access List Sim 2 )

8/15/2019 Ccna-lab-sim (CCNA Access List Sim 2 )

http://slidepdf.com/reader/full/ccna-lab-sim-ccna-access-list-sim-2- 1/6

ccna-lab-sim

Question

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host.

All passwords have been temporarily set to 'cisco'.

The Core connection uses an IP address of 198.18.196.65

The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 - 192.168.33.254

Host A 192.168.33.1

Host B 192.168.33.2

Host C 192.168.33.3

Host D 192.168.33.4

The servers in the Server LAN have been assigned addresses of 172.22.242.17 - 172.22.242.30

The Finance Web Server is assigned an IP address of 172.22.242.23.


Answer and Explanation


We learn that interface FastEthernet0/1 is the interface connected to the Server LAN network. It is the interface to which we will apply our access-list (in the outbound direction).

Corp1#configure terminal

Our access-list needs to allow host C - 192.168.33.3 to the Finance Web Server 172.22.242.23 via web (port 80)

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

Deny other hosts access to the Finance Web Server via web

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

All other traffic is permitted

Corp1(config)#access-list 100 permit ip any any

Apply this access-list to the Fa0/1 interface (outbound direction)

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to the Fa0/1 interface (not the Fa0/0 interface) so that the access-list can filter traffic coming from the Core network.

In the real exam, just click on host C and open its web browser. In the address box type http://172.22.242.23 to check if you are allowed to access the Finance Web Server or not. If your configuration is correct then you can access it.

Click on the other hosts (A, B and D) and check to make sure you can't access the Finance Web Server from these hosts.

Finally, save the configuration

Corp1(config-if)#end

Corp1#copy running-config startup-config

(This configuration only prevents hosts from accessing the Finance Web Server via web, but if this server supports other traffic - like FTP, SMTP... then other hosts can access it, too.)

Notice: In the real exam, you might be asked to allow another host (A, B or D) to access the Finance Web Server, so please read the requirement carefully.


I created this sim in Packet Tracer v5.2.1 so you can practice with it. You will need a new version of Packet Tracer to open it (v5.1+).

Notice: After typing the commands above, if you make a 'ping' from other hosts (PC0, PC1, PC3) then PC4 (Finance Web Server) can still reply because we just filter HTTP traffic, not ICMP traffic. To generate HTTP traffic, select 'Web Browser' in the 'Desktop' tab of these PCs. When a web browser opens, type the IP address of the Finance Web Server and you can see how traffic flows in Simulation Mode.


And notice that in the initial configuration of this sim the Core network can ping Finance Web Server. We have to create an access-list that can filter this traffic too.
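An added example, not part of the original page: a minimal Python model of how the three statements of access-list 100 are evaluated top-down (first match wins, implicit deny at the end), which is why their order matters. It parses only the syntax subset used in this answer; the function names `parse` and `evaluate` are illustrative, not Cisco tooling.

```python
import ipaddress

# The three statements from the answer, in order. Addresses are the lab's.
ACL_100 = """\
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny tcp any host 172.22.242.23 eq 80
access-list 100 permit ip any any
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' -> (base, care_bits)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0
    if first == "host":
        return _ip(tokens.pop(0)), 0xFFFFFFFF
    return _ip(first), ~_ip(tokens.pop(0)) & 0xFFFFFFFF

def parse(text):
    """Parse the subset of extended-ACL syntax used on this page."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if t[:1] != ["access-list"]:
            continue
        action, proto, rest = t[2], t[3], t[4:]
        src, dst = _addr(rest), _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching statement (top-down)."""
    s, d = _ip(src), _ip(dst)
    for action, r_proto, (sb, sm), (db, dm), port in rules:
        if r_proto not in ("ip", proto):
            continue
        if (s & sm) != (sb & sm) or (d & dm) != (db & dm):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"  # implicit "deny ip any any" that ends every ACL

if __name__ == "__main__":
    rules = parse(ACL_100)
    web = "172.22.242.23"
    for name, src in [("Host C", "192.168.33.3"), ("Host A", "192.168.33.1"),
                      ("Core", "198.18.196.65")]:
        print(name, "HTTP:", evaluate(rules, "tcp", src, web, 80),
              "| ping:", evaluate(rules, "icmp", src, web))
```

Swapping the first two statements makes the deny match host C before its permit is reached, and dropping the third statement leaves every other flow to the implicit deny.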