Question

Cisco routers with ACL (access control list) capabilities interconnect the network shown above. Assume that the network setup is standalone in that it is not connected to outside networks. Write one or more ACLs to accomplish each of the following (each specification is a separate question):

(a) Prevent all traffic from 192.168.2.0 from going to 192.168.1.0

(b) Prevent all traffic from 192.168.3.1 from going to 192.168.2.1

(c) Prevent FTP access from 2.1 to 3.1

(d) Prevent Telnet and FTP access from 3.1 to 1.1

(e) Prevent any SNMP traffic from 2.1 from leaving the network 192.168.2.0

Note: When the question specifies “Prevent … something”, it means other types of traffic must be permitted.

Explanation / Answer

(a) Prevent all traffic from 192.168.2.0 from going to 192.168.1.0
ans: access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
     access-list 101 permit ip any any

(b) Prevent all traffic from 192.168.3.1 from going to 192.168.2.1
ans: access-list 101 deny ip host 192.168.3.1 host 192.168.2.1
     access-list 101 permit ip any any

(c) Prevent FTP access from 2.1 to 3.1
ans: access-list 101 deny tcp host 192.168.2.1 host 192.168.3.1 eq ftp
     access-list 101 permit ip any any

(d) Prevent Telnet and FTP access from 3.1 to 1.1
ans: access-list 101 deny tcp host 192.168.3.1 host 192.168.1.1 eq telnet
     access-list 101 deny tcp host 192.168.3.1 host 192.168.1.1 eq ftp
     access-list 101 permit ip any any

(e) Prevent any SNMP traffic from 2.1 from leaving the network 192.168.2.0
ans: access-list 101 deny udp host 192.168.2.1 any eq snmp
     access-list 101 permit ip any any

Note: The number after access-list is the number used as access_permit; this can be any number like 101, 102, 10, etc.

For any queries, kindly get back.
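The first-match evaluation and implicit final deny that Cisco extended ACLs apply, modelled for part (d) as an added Python example (not part of the original answer). The function names are hypothetical, the ACL text is constructed, and the parser handles only the `any`, `host`, wildcard and `eq` forms used on this page.

```python
import ipaddress

PORTS = {"ftp": 21, "telnet": 23, "snmp": 161}  # port names used on this page

def _addr(tok):
    """Consume one address spec: 'any', 'host A' or 'A wildcard' -> (base, wildcard)."""
    kind = tok.pop(0)
    if kind == "any":
        return 0, 0xFFFFFFFF
    if kind == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(kind)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(line):
    tok = line.split()[2:]                 # drop "access-list <number>"
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _addr(tok), _addr(tok)
    port = None
    if tok and tok[0] == "eq":
        port = PORTS.get(tok[1]) or int(tok[1])
    return action, proto, src, dst, port

def _match(ip, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; only the remaining bits must agree.
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl_text, proto, src, dst, dport=None):
    """Return 'permit' or 'deny' for one packet, using first-match semantics."""
    for line in acl_text.strip().splitlines():
        action, p, s, d, port = parse(line)
        if p not in ("ip", proto):
            continue
        if not (_match(src, s) and _match(dst, d)):
            continue
        if port is not None and port != dport:
            continue
        return action                      # first matching entry wins
    return "deny"                          # implicit "deny ip any any" ends every ACL

# Constructed sample: part (d) with and without the closing permit entry.
DENY_ONLY = """\
access-list 101 deny tcp host 192.168.3.1 host 192.168.1.1 eq telnet
access-list 101 deny tcp host 192.168.3.1 host 192.168.1.1 eq ftp
"""
WITH_PERMIT = DENY_ONLY + "access-list 101 permit ip any any\n"
```

Without the final `permit ip any any`, every packet that misses the two deny entries still hits the implicit deny, which contradicts the question's requirement that other traffic be permitted.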
