Static Access List

Problem: Use a static ACL so that only PC0 from IT and PC2 from HR can communicate with Admin. All other PCs will be blocked from the Admin network.

You can think of the Admin network as the source and IT & HR as the destinations. We have to apply the ACL on the f0/0 interface on the source (Admin) side.

First we have to configure the whole network so that all the PCs can communicate with each other. We can use any routing method, such as RIP-2, EIGRP, static routes, etc., to configure this network. I have used RIP-2. After configuring the network, check that the PCs can really ping each other.

Static ACL.pkt
Router>enable
Router#conf terminal
Router(config)#access-list 10 permit 192.168.10.2 0.0.0.0
Router(config)#access-list 10 permit 192.168.20.2 0.0.0.0
Router(config)#access-list 10 deny 192.168.10.0 0.0.0.7
Router(config)#access-list 10 deny 192.168.20.0 0.0.0.7
Router(config)#access-list 10 permit any
Router(config)#

Router#
Router#enable
Router#conf t
Router(config)#interface f0/0
Router(config-if)#ip access-group 10 out
Router(config-if)#exit

Router>
Router>enable
Router#configure terminal
Router(config)#interface f0/0
Router(config-if)#no shutdown
Router(config-if)#ip address 192.168.20.1 255.255.255.248
Router(config-if)#exit
Router(config)#interface s0/0/0
Router(config-if)#no shutdown
Router(config-if)#ip address 10.0.0.2 255.255.255.252
Router(config-if)#clock rate 64000
Router(config-if)#exit
Router(config)#interface s0/0/1
Router(config-if)#no shutdown
Router(config-if)#ip address 10.0.0.5 255.255.255.252
Router(config-if)#clock rate 64000
Router(config-if)#exit
Router(config)#router rip
Router(config-router)#v 2
Router(config-router)#network 10.0.0.0
Router(config-router)#network 192.168.20.0
Router(config-router)#network 10.0.0.4
Router(config-router)#exit
Router(config)#


Result: Now only PC0 & PC2 can ping the Admin PC. Admin can also ping them.
But there is no communication between PC1 & PC3 and Admin.
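
An added example (not part of the original post): a small Python model of how the router evaluates ACL 10 top-down, first match wins, against a packet's source address using the wildcard masks configured above. The addresses 192.168.10.3 and 192.168.20.3 for PC1 and PC3 are assumptions, since the page does not list them.

```python
import ipaddress

# ACL 10 exactly as configured on the page
ACL_10 = """\
access-list 10 permit 192.168.10.2 0.0.0.0
access-list 10 permit 192.168.20.2 0.0.0.0
access-list 10 deny 192.168.10.0 0.0.0.7
access-list 10 deny 192.168.20.0 0.0.0.7
access-list 10 permit any
"""

def parse_acl(text):
    """Parse 'access-list N action addr [wildcard]' lines into (action, addr, wildcard)."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue
        action, rest = parts[2], parts[3:]
        if rest[0] == "any":
            addr, wild = 0, 0xFFFFFFFF          # every bit is "don't care"
        else:
            addr = int(ipaddress.IPv4Address(rest[0]))
            wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((action, addr, wild))
    return entries

def evaluate(entries, source):
    """Return (action, entry number). A standard ACL tests only the source address."""
    src = int(ipaddress.IPv4Address(source))
    for n, (action, addr, wild) in enumerate(entries, start=1):
        # Wildcard bits set to 1 are ignored; all remaining bits must be equal.
        if (src | wild) == (addr | wild):
            return action, n                     # first match wins, stop here
    return "deny", None                          # implicit deny ends every ACL

def check(text, sources):
    entries = parse_acl(text)
    return {s: evaluate(entries, s) for s in sources}

if __name__ == "__main__":
    # .10.3 and .20.3 are assumed addresses for PC1 and PC3 (constructed input).
    hosts = ["192.168.10.2", "192.168.20.2", "192.168.10.3", "192.168.20.3", "10.0.0.1"]
    for src, (action, n) in check(ACL_10, hosts).items():
        print(f"{src:15} {action:6} entry {n}")
```

The host permits must stay above the subnet denies: if a `deny 192.168.10.0 0.0.0.7` line came first, PC0 would match it and never reach its permit entry.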
