Hello here is a question that I have. I hopefully did not miss anything and sorry for the diagram (It is missing switch just being lazy):
(Lab A)s0(dce)---s1(dte)(Lab b)s0(dce)---(s1(dte)(Lab C)
|e0 |e0 |e0
[PC] [Pc] [PC]
lab a:
Name Dallas
E0: 207.112.159.1
S0: 207.112.75.1
lab b:
Name Ft Worth
E0: 207.112.112.1
S0: 207.112.201.1
S1: 207.112.75.2
lab c:
Name Austin
E0: 207.112.65.1
S1: 207.112.201.2
Your company xyz has 3 sites Dallas FtWorth, Austin. The sites are connected via a Wan. At each site a router provides the serial connectivity to the wan and an ethernet connectionto a LAN. All the three routers are configured completely and the network is fully functional. Configure and apply an access list that will prevent telenet access to the austin router while allowing all other traffic to pass. The access list should not contain more than 3 statements and should be applied to the Austin router.
Questions:
1) Which type of ACL to use?
Answer use Extended.
Austin(config)#access-list 105 deny tcp any 207.112.65.1 0.0.0.0 eq telnet
Austin(config)#access-list 105 deny tcp any 207.112.201.2 0.0.0.0 eq telnet
Austin(config)#access-list 105 permit ip any any
or
Austin(config)#access-list 105 deny tcp any host 207.112.65.1 eq telnet
Austin(config)#access-list 105 deny tcp any host 207.112.201.2 eq telnet
Austin(config)#access-list 105 permit ip any any
2) Where to place ACL?
Austin(config)#int s1
Austin(config-if)#ip access-group 105 in
Austin(config-if)#int e0
Austin(config-if)#ip access-group 105 in
Question1 is for the acl why are they setting the acl for the s1 and e0 destination? can you not just put the statement: access-list 105 deny tcp any 207.112.201.2 0.0.0.0 eq telnet?
And for question 2 why apply the acl to both interfaces? why not just s1?
Should those 2 block users from telnetting to this router?
If someone can clear this up for me I would appreciate it.
Thanks
Comptek
A+, Network+
(Lab A)s0(dce)---s1(dte)(Lab b)s0(dce)---(s1(dte)(Lab C)
|e0 |e0 |e0
[PC] [Pc] [PC]
lab a:
Name Dallas
E0: 207.112.159.1
S0: 207.112.75.1
lab b:
Name Ft Worth
E0: 207.112.112.1
S0: 207.112.201.1
S1: 207.112.75.2
lab c:
Name Austin
E0: 207.112.65.1
S1: 207.112.201.2
Your company xyz has 3 sites Dallas FtWorth, Austin. The sites are connected via a Wan. At each site a router provides the serial connectivity to the wan and an ethernet connectionto a LAN. All the three routers are configured completely and the network is fully functional. Configure and apply an access list that will prevent telenet access to the austin router while allowing all other traffic to pass. The access list should not contain more than 3 statements and should be applied to the Austin router.
Questions:
1) Which type of ACL to use?
Answer use Extended.
Austin(config)#access-list 105 deny tcp any 207.112.65.1 0.0.0.0 eq telnet
Austin(config)#access-list 105 deny tcp any 207.112.201.2 0.0.0.0 eq telnet
Austin(config)#access-list 105 permit ip any any
or
Austin(config)#access-list 105 deny tcp any host 207.112.65.1 eq telnet
Austin(config)#access-list 105 deny tcp any host 207.112.201.2 eq telnet
Austin(config)#access-list 105 permit ip any any
2) Where to place ACL?
Austin(config)#int s1
Austin(config-if)#ip access-group 105 in
Austin(config-if)#int e0
Austin(config-if)#ip access-group 105 in
Question1 is for the acl why are they setting the acl for the s1 and e0 destination? can you not just put the statement: access-list 105 deny tcp any 207.112.201.2 0.0.0.0 eq telnet?
And for question 2 why apply the acl to both interfaces? why not just s1?
Should those 2 block users from telnetting to this router?
If someone can clear this up for me I would appreciate it.
Thanks
Comptek
A+, Network+