Ciao a tutti,
in 2 simulazioni del testking per la ccna viene chiesto di inibire telnet in un caso e il ping nell'altro caso, verso un router.
Creata l'access-list corretta, questa viene applicata alle 2 interfacce dsiponibili e0 e so, ma in un caso "in" per tutte e due le interfacce, mentre nell'altro caso sulla seriale "in" e sulla e0 "out".
Perchè?
se non sbaglio come regola generale le access-list standard vengono applicate più vicine alla destinazione, mentre le extended vicino alla sorgente.
Direzione Access-list
Moderatore: Federico.Lagni
-
Vuvi
- n00b
- Messaggi: 10
- Iscritto il: mar 10 apr , 2007 6:17 pm
Forse non mi sono spiegato molto bene, ecco le due simulazioni...
QUESTION NO: 14 SIMULATION
You are the administrator of the TestKing network which is composed of three
routers connected together via a WAN as shown in the diagram. Your assignment is
to configure and apply an access control list that will block telnet access to the
TestKing1 router without inhibiting all other traffic. The access list won't need more
then 3 statements and it should be applied to the TestKing3 router. The three
routers are already connected and configured as follows:
* The routers are named: TestKing1, TestKing2, and TestKing3 respectively.
* All three of them are using RIP as the routing protocol.
* The serial 0 interfaces are providing clocking.
* The default subnet mask is used on every interface.
* The IP addresses and passwords are listed below.
TestKing1
E0 192.168.1.1
S0 192.168.118.1
Secret password: testking
TestKing2
E0 192.168.121.1
S0 192.168.5.1
S1 192.168.118.2
Secret password: testking
TestKing3
E0 192.168.134.1
S1 192.168.5.2
Answer:
Explanation:
TestKing3>enable
:password
TestKing3#show access-lists (** redundant **)
TestKing3#config t
.Enter configuration commands, one per line. End with END
TestKing3(config)#access-list 101 deny tcp any 192.168.1.1 0.0.0.0 eq 23
TestKing3(config)#access-list 101 deny tcp any 192.168.118.0 0.0.0.0 eq 23
TestKing3(config)#access-list 101 permit ip any any
TestKing3(config)#interface Ethernet 0
TestKing3(config-if)#ip access-group 101 in
TestKing3(config-if)#exit
TestKing3(config)#interface serial 0
TestKing3(config-if)#ip access-group 101 in
TestKing3(config-if)#<CTRL-Z
..
TestKing3#copy running-config startup-config
QUESTION NO: 18 SIMULATION
The TestKing WAN is displayed below:
You work as a network engineer at TestKing.com. Three TestKing stores have
established network connectivity. The routers are named TestKing1, TestKing2,
and TestKing3. The manager at the TestKing site, Tess King, has decided to deny
the ability of anyone from any other network to connect to the TestKing3 router
with the ping command. Implement an access list on the TestKing3 router to deny
this detection but allow all other types of traffic to pass. The access list should
contain no more than three statements. The routers have been configured with the
following specifications:
* The routers are named TestKing1, TestKing2, and TestKing3.
* RIP is the routing protocol.
* Clocking signal is provided on the serial 0 interfaces.
* The password on each router is "testking".
* The subnet mask on all interfaces is the default mask.
* The IP addresses are listed in the chart below.
TestKing1
E0 192.168.49.1
S0 192.168.51.1.
TestKing2
E0 192.168.53.1
S0 192.168.55.1
S1 192.168.51.2
TestKing3
E0 192.168.57.1
S1 192.168.55.2
To configure the router click on the host icon that is connected to a router by a
serial console cable.
Answer:
Explanation:
Click on Host 6 to connect to and configure TestKing3.
configure terminal
access-list 101 deny icmp any 192.168.57.1 0.0.0.0
access-list 101 deny icmp any 192.168.55.2 0.0.0.0
access-list 101 permit ip any any
Interface s1
Ip access-group 101 in
interface ethernet0
ip access-group 101 out
ctrl z
copy running-config startup-config
QUESTION NO: 14 SIMULATION
You are the administrator of the TestKing network which is composed of three
routers connected together via a WAN as shown in the diagram. Your assignment is
to configure and apply an access control list that will block telnet access to the
TestKing1 router without inhibiting all other traffic. The access list won't need more
then 3 statements and it should be applied to the TestKing3 router. The three
routers are already connected and configured as follows:
* The routers are named: TestKing1, TestKing2, and TestKing3 respectively.
* All three of them are using RIP as the routing protocol.
* The serial 0 interfaces are providing clocking.
* The default subnet mask is used on every interface.
* The IP addresses and passwords are listed below.
TestKing1
E0 192.168.1.1
S0 192.168.118.1
Secret password: testking
TestKing2
E0 192.168.121.1
S0 192.168.5.1
S1 192.168.118.2
Secret password: testking
TestKing3
E0 192.168.134.1
S1 192.168.5.2
Answer:
Explanation:
TestKing3>enable
:password
TestKing3#show access-lists (** redundant **)
TestKing3#config t
.Enter configuration commands, one per line. End with END
TestKing3(config)#access-list 101 deny tcp any 192.168.1.1 0.0.0.0 eq 23
TestKing3(config)#access-list 101 deny tcp any 192.168.118.0 0.0.0.0 eq 23
TestKing3(config)#access-list 101 permit ip any any
TestKing3(config)#interface Ethernet 0
TestKing3(config-if)#ip access-group 101 in
TestKing3(config-if)#exit
TestKing3(config)#interface serial 0
TestKing3(config-if)#ip access-group 101 in
TestKing3(config-if)#<CTRL-Z
..
TestKing3#copy running-config startup-config
QUESTION NO: 18 SIMULATION
The TestKing WAN is displayed below:
You work as a network engineer at TestKing.com. Three TestKing stores have
established network connectivity. The routers are named TestKing1, TestKing2,
and TestKing3. The manager at the TestKing site, Tess King, has decided to deny
the ability of anyone from any other network to connect to the TestKing3 router
with the ping command. Implement an access list on the TestKing3 router to deny
this detection but allow all other types of traffic to pass. The access list should
contain no more than three statements. The routers have been configured with the
following specifications:
* The routers are named TestKing1, TestKing2, and TestKing3.
* RIP is the routing protocol.
* Clocking signal is provided on the serial 0 interfaces.
* The password on each router is "testking".
* The subnet mask on all interfaces is the default mask.
* The IP addresses are listed in the chart below.
TestKing1
E0 192.168.49.1
S0 192.168.51.1.
TestKing2
E0 192.168.53.1
S0 192.168.55.1
S1 192.168.51.2
TestKing3
E0 192.168.57.1
S1 192.168.55.2
To configure the router click on the host icon that is connected to a router by a
serial console cable.
Answer:
Explanation:
Click on Host 6 to connect to and configure TestKing3.
configure terminal
access-list 101 deny icmp any 192.168.57.1 0.0.0.0
access-list 101 deny icmp any 192.168.55.2 0.0.0.0
access-list 101 permit ip any any
Interface s1
Ip access-group 101 in
interface ethernet0
ip access-group 101 out
ctrl z
copy running-config startup-config
-
Vuvi
- n00b
- Messaggi: 10
- Iscritto il: mar 10 apr , 2007 6:17 pm
L'immagine non riesco a postarla, neanche come allegato pur essendo pochi K mi dice che sono sopra al limite.....
Comunque i 3 router erano messi in fila orizzontale, collegati tra loro con una seriale, e da tutti e 3 i router sull'interfaccia ethernet c'era collegato un hub e poi 2 pc per ogni hub.
Magari era un errore del testking...
E' la quarta volta che lo rifaccio tutto e adesso sbaglio circa l'8 / 9% di domande, sarebbe ora di provare a dare l'esame???
Comunque i 3 router erano messi in fila orizzontale, collegati tra loro con una seriale, e da tutti e 3 i router sull'interfaccia ethernet c'era collegato un hub e poi 2 pc per ogni hub.
Magari era un errore del testking...
E' la quarta volta che lo rifaccio tutto e adesso sbaglio circa l'8 / 9% di domande, sarebbe ora di provare a dare l'esame???
