NetworkSec Solutions
CCNA LAB Manual & Basic Concepts
LAB 1 – Router Basic Configuration
LAB 2 – WAN interface Configuration
  Task1: WAN configuration - 2 routers
  Task2: WAN configuration - 3 routers
  Task3: Configure LAN network for 3 routers
LAB 3 – Static & Default Routing
  Task1: Static Routing
  Task2: Default Routing
LAB 4 – Dynamic Routing – EIGRP
LAB 5 – Dynamic Routing – OSPF
  Task1: Single Area
  Task2: Multi Area
LAB 6 – Access Control Lists – Standard ACLs
LAB 7 – Access Control Lists – Extended ACLs
LAB 8 – Access Control Lists – Named ACLs
LAB 9 – Network Address Translation – Static NAT, Dynamic NAT & PAT
LAB 10 – Switching – VLAN, Trunk, VTP & EtherChannel
LAB 11 – Switching – STP, RSTP, MSTP
LAB 12 – Switching – HSRP, VRRP, GLBP
LAB 13 – Wireless Access Point & WLC Configuration
LAB 14 – Basic configuration of Cisco ASA
LAB 15 – (Bonus) Password recovery of Switch & Router
LAB 16 – (Bonus) Securing the Routers
Basic Concepts and Definitions
LAB 8 – Access Control List (ACL) – Named
Task1: Standard Named ACL
Task2: Extended Named ACL
Exercise Task1: Standard Named ACL
Block access from 192.168.1.0/24 to 192.168.3.0/24.
Implement the ACL on BR3 interface Gi0/0/0. (Standard ACLs are implemented
near the destination network.)
Exercise Task2: Extended Named ACL
Block access from 192.168.2.0/24 to 192.168.1.0/24.
Allow access from 192.168.2.0/24 to 192.168.3.0/24.
Implement the ACL on BR2 interface Gi0/0/0. (Extended ACLs are implemented
near the source network.)
Pre-configuration: Routing should be configured on all the routers to
establish communication between PC1, PC2 and PC3.
Topology:
BR1 Gi0/0/0 (192.168.1.100/24) - SW1 - PC1
  PC1: IP Address: 192.168.1.1, Subnet Mask: 255.255.255.0, Gateway: 192.168.1.100
BR2 Gi0/0/0 (192.168.2.100/24) - SW2 - PC2
  PC2: IP Address: 192.168.2.1, Subnet Mask: 255.255.255.0, Gateway: 192.168.2.100
BR3 Gi0/0/0 (192.168.3.100/24) - SW3 - PC3
  PC3: IP Address: 192.168.3.1, Subnet Mask: 255.255.255.0, Gateway: 192.168.3.100
Serial links between the routers:
  S0/1/0 and S0/1/1: 10.0.0.1/24 and 10.0.0.2/24
  S0/1/1: 11.0.0.2/24 and S0/1/0: 11.0.0.1/24
Exercise Task1: Standard Named ACL
Block access from 192.168.1.0/24 to 192.168.3.0/24.
Implement the ACL on BR3 interface Gi0/0/0. (Standard ACLs are implemented
near the destination network.)
If the router still has the ACL configuration from LAB6, remove it first
by using the commands below.
Step1: Remove ACL on BR3
BR3(config)#no access-list 10
Step2: Remove the configuration on the Interface
BR3(config)#interface gigabitEthernet 0/0/0
BR3(config-if)#no ip access-group 10 out
BR3(config-if)#end
BR3#
Step1: Configure named ACL on BR3
BR3(config)#ip access-list standard STANDARD_ACL
BR3(config-std-nacl)#deny 192.168.1.0 0.0.0.255
BR3(config-std-nacl)#permit any
BR3(config-std-nacl)#end
BR3#
Step2: Implement on the Interface
BR3(config)#interface gigabitEthernet 0/0/0
BR3(config-if)#ip access-group STANDARD_ACL out
BR3(config-if)#end
BR3#
After configuring ACL on BR3, PC1 is not able to ping PC3.
SHOW COMMANDS
BR3#show access-lists
Exercise Task2: Extended Named ACL
Block access from 192.168.2.0/24 to 192.168.1.0/24.
Allow access from 192.168.2.0/24 to 192.168.3.0/24.
Implement the ACL on BR2 interface Gi0/0/0. (Extended ACLs are implemented
near the source network.)
If the router still has the ACL configuration from LAB6, remove it first
by using the commands below.
Step1: Remove ACL on BR2
BR2(config)#no access-list 100
Step2: Remove the configuration on the Interface
BR2(config)#interface gigabitEthernet 0/0/0
BR2(config-if)#no ip access-group 100 in
BR2(config-if)#end
Step1: Configure named ACL on BR2
BR2(config)#ip access-list extended EXTENDED_ACL
BR2(config-ext-nacl)#deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
BR2(config-ext-nacl)#permit ip any any
BR2(config-ext-nacl)#end
BR2#
Step2: Implement on the Interface
BR2(config)#interface gigabitEthernet 0/0/0
BR2(config-if)#ip access-group EXTENDED_ACL in
BR2(config-if)#end
BR2#
SHOW COMMANDS
BR2#show access-lists
Extended IP access list EXTENDED_ACL
 10 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 20 permit ip any any
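Added example (not part of the original lab manual): a small Python model of how the two named ACLs above are evaluated, covering wildcard-mask matching, first-match ordering and the implicit deny that makes the final "permit" line necessary. The function names, the per-packet ACL paths and the sequence numbers shown for STANDARD_ACL (the IOS defaults) are assumptions for illustration; the addresses are the lab's.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # "any" = every bit is a don't-care

# The lab's two ACLs as (sequence, action, source, destination) entries.
# Sequence numbers 10/20 are the IOS defaults; a standard ACL tests only
# the source, so its destination is modelled here as ANY.
STANDARD_ACL = [
    (10, "deny", ("192.168.1.0", "0.0.0.255"), ANY),
    (20, "permit", ANY, ANY),
]
EXTENDED_ACL = [
    (10, "deny", ("192.168.2.0", "0.0.0.255"), ("192.168.1.0", "0.0.0.255")),
    (20, "permit", ANY, ANY),
]

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit whose wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for seq, action, s, d in sorted(acl, key=lambda e: e[0]):
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action, seq
    return "deny", None

def path_verdict(src, dst, acls):
    """Run a packet through every ACL on its path, stopping at the first deny."""
    for name, acl in acls:
        action, seq = evaluate(acl, src, dst)
        if action == "deny":
            return f"deny by {name} seq {seq}"
    return "permit"

PC1, PC2, PC3 = "192.168.1.1", "192.168.2.1", "192.168.3.1"
BR2_IN = ("EXTENDED_ACL", EXTENDED_ACL)   # applied on BR2 Gi0/0/0 in
BR3_OUT = ("STANDARD_ACL", STANDARD_ACL)  # applied on BR3 Gi0/0/0 out

if __name__ == "__main__":
    print("PC1->PC3:", path_verdict(PC1, PC3, [BR3_OUT]))
    print("PC2->PC1:", path_verdict(PC2, PC1, [BR2_IN]))
    print("PC2->PC3:", path_verdict(PC2, PC3, [BR2_IN, BR3_OUT]))
    print("without 'permit any':", evaluate(STANDARD_ACL[:1], PC2, PC3))
```

Both ACLs are stateless, so the entry that drops PC1's traffic to PC3 also drops PC1's echo replies to PC3: a ping started from PC3 towards PC1 fails as well.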