ccna training » ccna access list sim 2
CCNA Access List Sim 2
October 26th, 2010
Question
A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.
The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.
All passwords have been temporarily set to “cisco”.
The Core connection uses an IP address of 198.18.196.65
The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 – 192.168.33.254
Host A 192.168.33.1
Host B 192.168.33.2
Host C 192.168.33.3
Host D 192.168.33.4
The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30
The Finance Web Server is assigned an IP address of 172.22.242.23.
Answer and Explanation
Corp1>enable (you may enter “cisco” as its password here)
We should create an access-list and apply it to the interface which is connected to the Server LAN because it can filter out traffic from both Sw-2 and Core networks. The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so we can guess the interface connected to them has an IP address of 172.22.242.30 (.30 is the number shown in the figure). Use the “show running-config” command to check which interface has the IP address of 172.22.242.30.
Corp1#show running-config
1/2/2011 CCNA Training » CCNA Access List Sim 2
www.9tut.com/78-ccna-access-list-sim-2 1/11
We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. It is the interface we will apply our access-list (for outbound direction).
Corp1#configure terminal
Our access-list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23 via web (port 80)
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
Deny other hosts access to the Finance Web Server via web
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
All other traffic is permitted
Corp1(config)#access-list 100 permit ip any any
Apply this access-list to Fa0/1 interface (outbound direction)
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from the Core network.
In the real exam, just click on host C and open its web browser. In the address box type http://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If your configuration is correct then you can access it.
Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Server from these hosts.
Finally, save the configuration
Corp1(config-if)#end
Corp1#copy running-config startup-config
(This configuration only prevents hosts from accessing Finance Web Server via web but if this server supports other traffic – like FTP, SMTP… then other hosts can access it, too.)
Notice: In the real exam, you might be asked to allow another host (A, B or D) to access the Finance Web Server so please read the requirement carefully.
I created this sim in Packet Tracer v5.2.1 so you can practice with it. You will need a newer version of Packet Tracer to open it (v5.1+).
Download this sim here
Notice: After typing the commands above, if you make a “ping” from other hosts (PC0, PC1, PC3) then PC4 (Finance Web Server) can still reply because we just filter HTTP traffic, not ICMP traffic. To generate HTTP traffic, select “Web Browser” in the “Desktop” tab of these PCs. When a web browser opens, type the IP address of Finance Web Server and you can see how traffic flows in Simulation Mode.
And notice that in the initial configuration of this sim the Core network can ping Finance Web Server. We have to create an access-list that can filter this traffic too.
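The placement and ordering argument above, worked through as an added example (not part of the original page): a small Python model that evaluates the article's three statements top-down with first-match semantics and compares applying them on Fa0/1 outbound with Fa0/0 inbound. The helper names and the `core-link` interface label are assumptions, since the page does not name the Core-facing interface.

```python
import ipaddress

# The three statements exactly as configured on Corp1 in the article.
ACL_100 = """\
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny tcp any host 172.22.242.23 eq 80
access-list 100 permit ip any any
"""
HOSTS_LAN = ipaddress.ip_network("192.168.33.0/24")  # Hosts LAN range from the page


def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from the front of tokens."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError("this sketch handles only the 'any' and 'host' forms")


def parse_acl(text):
    """Turn 'access-list N action proto src dst [eq port]' lines into tuples."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()[2:]  # drop 'access-list 100'
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr(tokens), _addr(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules


def evaluate(rules, proto, src, dst, dport=None):
    """Top-down, first match wins; an unmatched packet hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto in ("ip", proto) and s in r_src and d in r_dst \
                and r_port in (None, dport):
            return action
    return "deny"


def ingress_interface(src):
    # Fa0/0 faces the Hosts LAN (per the page). "core-link" is a placeholder:
    # the page does not name the Core-facing interface.
    return "Fa0/0" if ipaddress.ip_address(src) in HOSTS_LAN else "core-link"


def reaches_server_lan(rules, placement, proto, src, dst, dport=None):
    """placement is (interface, direction); Server LAN traffic always exits Fa0/1."""
    iface, direction = placement
    if direction == "out":
        inspected = iface == "Fa0/1"
    else:
        inspected = iface == ingress_interface(src)
    return (not inspected) or evaluate(rules, proto, src, dst, dport) == "permit"


if __name__ == "__main__":
    rules = parse_acl(ACL_100)
    for name, src in [("Host C", "192.168.33.3"), ("Host A", "192.168.33.1"),
                      ("Core", "198.18.196.65")]:
        for placement in [("Fa0/1", "out"), ("Fa0/0", "in")]:
            ok = reaches_server_lan(rules, placement, "tcp", src, "172.22.242.23", 80)
            print(f"{name:7} HTTP, ACL on {placement[0]} {placement[1]:3}: "
                  f"{'forwarded' if ok else 'dropped'}")
```

Run as a script, the Core row is dropped only when the list sits on Fa0/1 outbound; on Fa0/0 inbound the Core's HTTP request never passes through the list.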
Comments
1. fatah December 2nd, 2010
hi friend how are you all, i want to know what is EIGRP did it come for us today and which acl2 thank you all
2. Mo December 2nd, 2010
@ Fatah:
There will be a question about EIGRP and ACL too. The ACL question I had was this:
http://www.9tut.com/ccna-lab-sim/78-ccna-access-list-sim-2
and this one for EIGRP:
http://www.9tut.com/ccna-eigrp-questions
3. win December 2nd, 2010
pc-pt (pc4) does not provide http connection, replace with server or give ip address (172.22.242.29) to public web server and provide access list to this ip the same as previously done. check
please correct me if i am wrong
4. ccna December 7th, 2010
PLEASE CORRECT ME IF IM WRONG !!!
in/out interface could be determined by source and packets flow direction.
in my case i have applied on interface fa0/0 which facing 192.168.0.0 subnet.
this acl does exactly same – just wonder if theres problems with going my way on this…
5. ccna December 7th, 2010
sorry forgot to be exact, i have applied :
interface fast0/0
ip access-group 100 in
6. fatah December 7th, 2010
i have problem in acl2 i did everything, but i have Packet Tracer 5.0 so i can’t make practice tell me how i solve this problem
thnx
7. mohsin soudagar December 7th, 2010
@you should download PT 5.1…. or give me your ID i’ll mail you its topology..so that you can practice it more efficiently
8. hi December 8th, 2010
whr it s dwnd acl sim 2 ……..plz giv me tht link packet tracer
9. mohsin soudagar December 8th, 2010
@hi..dear just see below the topology…you find a “Download this sim here” just click on here,,u’ll have it…tc
10. fatah December 8th, 2010
hi all
and thanks mohsin for your reply my email [email protected] wait you, i will be thankful for you.
11. fatah December 8th, 2010
if baspol send me eigrp and vtp also
12. tomek December 8th, 2010
404 Not Found
The resource requested could not be found on this server!
Powered By LiteSpeed Web Server
LiteSpeed Technologies is not responsible for administration and contents of this web site!
13. mohsin soudagar December 8th, 2010
@fatah….dear i had send you 11 labs..which include ACL2, EIGRP, RIP, VTP…… and all other….take care..and share your exam experience with us..we are waiting..for it
14. mohsin soudagar December 8th, 2010
@fatah..
you can download packet tracer v5.3.1 which is latest..to open ACL2 lab..
http://hotfile.com/dl/81150708/025d779/PacketTracer531_setup_no_tutorials.exe.html
15. Muhammad Imran December 8th, 2010
Hi Friends
learn how to connect virtual machine with gns3 and test internet connectivity in virtual machine very easy and interesting lab
http://www.youtube.com/watch?v=MWi2S1wQWCo
Thanks
Muhammad Imran!!!!!!
16. Muhammad Imran December 8th, 2010
Hi Friends
learn how to connect make this same lab in gns3 and get 100% results
http://www.youtube.com/watch?v=qJVuCFHdoDk
Thanks
Muhammad Imran!!!!!!
17. fatah December 9th, 2010
hi mohsin soudaga i will do insh alaah
18. fatah December 9th, 2010
thnx mohsin acl2 it’s work in 5.3 thank you all friend in 9tut
19. Sagar December 9th, 2010
show run command is not supported in ccna sim, so any alternative to this? Plz reply………….
20. cizmo December 9th, 2010
try sh ip interfaces (brief)
21. al December 11th, 2010
My suggestion (I had this question on the exam) try “do show run”, do not exit global config mode.
22. E December 11th, 2010
show run did work on the exam.
23. Inc December 11th, 2010
http 404 not found guys i want these sims i need to practice im writing monday
24. Inc December 11th, 2010
plz
25. Hassan December 11th, 2010
@mohsin soudagar
Could you please send me the 11 labs too? My exam is on dec 16.
Thanks !!
Hassan
26. hasy December 12th, 2010
i got my exam yesterday and passed with 974. especial thanks for the 9tut. pass4sure & testinside dumps are still valid. sims are eigrp, vtp & access-list only the ip addresses are changed. in access-list the pc also changed. again thanks for the 9tut and all of the contributors
if any one need help from me pls email to
27. mohsin soudagar December 12th, 2010
@Hassan
yes dear..i had mailed you….. all the 12 labs topologies..
28. Hassan December 12th, 2010
@mohsin soudagar
Thank you so much my friend! I’ve just did 1 simulation, only 11 to go ! :)
We gonna do it !!
Hassan
29. Saleck December 12th, 2010
hi there, could you send me the 12 lab topologies as well? I’m to take the exam the week of the December 20th. Thank you. [email protected] and the latest dumps if at all possible
30. kapil December 13th, 2010
hello mohsin soudagar
If you can also send me the 11 labs i am planning to do my exam first week of jan [email protected]
31. nathan December 13th, 2010
hi friend can u please send me the 12 lab topologies . exam in this friday. cheers brad_gemini at hotmail dot com
32. rayan December 13th, 2010
hi,
plz send me all lab topologies , my exam on this Thursday , mail id is [email protected], thanks ..
33. Muzzammil December 13th, 2010
hello, can u plz send me the topologies. mail: [email protected]
Thnx
34. ABBAS December 13th, 2010
hello
Anyone Plz forward me all topologies @ [email protected].
Thank u so much…… looking forward………
Cheers
35. ptrck December 13th, 2010
Hey all
can one send me lab topologies, exam this week. ([email protected])
This site has been most excellent with exam prep.
Thanks so much!!
36. Peter Cole December 13th, 2010
Please add me to the list for the 12 labs. [email protected]
Thanks
37. rob December 13th, 2010
please could someone please send me the packet tracer version of this please, got my exam this week
many thanks
38. harish December 14th, 2010
hi iam harish iam having exam this week can anyone send me all lab topologies my add is harisrexgmail.com
39. Marko December 14th, 2010
Hi,
I see that someone already asked the same question above but wasn’t answered yet. Instead of applying ACL on Fa0/1 as outbound, shouldn’t we apply it on Fa0/0 as inbound?
As per CBT Nuggets, extended ACLs should be applied as close as you can to the source that should be filtered. On the other hand, standard ACLs should be applied as close as you can to the destination (to avoid redundant permission denial). And since the ACL above is extended, I expected that it will be applied on Fa0/0 as inbound one.
What do you think about this?
Thanks,
Marko
40. 9tut December 14th, 2010
@Marko: I agree that standard ACLs should be applied as close as you can to the destination but in this case we must apply it to Fa0/1 (outbound), not Fa0/0 (inbound) because we also need to prevent Core network from accessing the Finance Web Server. If we apply access-list to Fa0/0, only packets from hosts A B C D will be filtered.
41. Marko December 14th, 2010
You’re absolutely right! Thank you very much for this clarification and pointing me to the part of the text that I overseen. In the 3rd sentence of the text, it says: “No other hosts from the LAN nor the Core should be able to use a web browser to access this server.”, just like you said. My suggestion would affect only “hosts from the LAN”, while “the Core” could still access the Web server.
Thanks,
Marko
42. rayan December 14th, 2010
thank u 9tut. packet tracer for access list 2 is working fine..
43. 9tut.com.rocks December 14th, 2010
hi guys, where can i get the packet tracer? this is what i need like a router simulation program, right? can somebody email me where to find it and how i could use it for this type of labs? my email address is [email protected]. i would like to practice the labs before writing the exam next week. thanks in advance. much appreciated.
44. Owolowo olayinka December 15th, 2010
Hi, can u pls send me d 12 labs as i’ve been lookin 4 what to practice with. Thanks 4 d gud [email protected]
45. farhad December 15th, 2010
@mohsin soudagar
Could you please send me the 12 labs, my exam is on dec 21.
my email address is [email protected]
thnx
46. fatah December 15th, 2010
today i pass ccna exam, acl2, vtp, eigrp vce dumps it’s valid thank you 9tut and exam collatio
i wont thank my friend mohsen coz he is help me also
47. Fabulous December 15th, 2010
Hi, engineers and potential engineers, i wrote my exam on 12 December and scored 1000/1000, it is possible, please don’t panic.
Sims were: VTP, Eigrp as no. 23, with wrong as no. of 22, Access-list sim 2 with different addresses.
All questions from Acme, Mashti and i also used the pass4sure frm certuniverse.blogspot.com with 473Qs. Be careful, there are many wrong questions on Acme’s dump.
I am excited but i have a problem at the same time, my name was misspelled and when i went to the certification tracking system on the “update personal info” i can’t edit my name, anyone help!!!!!!!!!!!!!!
48. Peter December 15th, 2010
I wouldn’t recommend creating additional statements. The question says to do it in 3 statements.
49. mohsin soudagar December 15th, 2010
@fatah
i am really happy that u passed it..its absolutely my pleasure to help you..may god always bless you :) :)
50. Lois December 16th, 2010
On the Lab acl lab sim 2 how do you ping from the pc? I get host name unresolved when I ping. Also on router rip instead of 172.16.0.0 it should be 172.22.0.0.
Very nice job on packet tracer. Thank you I appreciate it.
51. Jihan December 22nd, 2010
Hi I have my exam on the 30th! I would appreciate it if anyone kind enough to send me all the labs! my email is [email protected].
Congrats to those who have passed and good luck to those with the upcoming tests!!
52. Gaurav December 22nd, 2010
hi, i am new here and find it quite interesting. Well would anyone be kind enough to send me the lab sims available. i am having my exam on the 24th of this month.
53. Karthik T December 22nd, 2010
Hi Friends,
I am having exam on 27 th, can u pls share the latest Simulation dumps, Pls share the documents @ [email protected]
waiting for ur inputs
Thanks in Advance :-)
54. Deen December 23rd, 2010
Dear All,
I have scheduled my CCNA exam in within 48hrs. If there is any changes in SIM please let me know.
Thanks for folks.
55. Karthik’s father December 23rd, 2010
Guys, please don’t send Karthik any dumps.
56. Mansoor December 26th, 2010
Hi I have planned to do CCNA exam on jan 2011. can anyone send me all the lab simulation for practise. I would be very thankful
57. Azhar Malghani
December 26th, 2010
Hi everyone, I have to appear for CCNA in next 24 hours, If any one can help me to send Latest dumps of testinside.
PLEASE HELP I HAVE TO PASS THIS EXAM INSHALLAH
Kindly send any helping stuff at………….( [email protected])
WISH ME BEST OF LUCK AND CONGRATS TO ALL PASSED CANDIDATES.I LUV U ALL.
58. Rafaqat December 27th, 2010
hello dears i have dumps of testinside v17.14 and i has 356 question. plz do inform me that is it valid or not. plz plz if not so plz send me dumps on my e mail rafaqat_edu@yahoo .com i have exam on 15 jan
59. TiredEyes December 27th, 2010
In the exam are the questions totally random or do they come in section, such as, say for example, 10 question on switching, then 10 questions on routing protocols, etc, etc.
Thanks on advance, got my CCNA exam in Jan 2011, hope they don’t change the sims for 2011.
60. Allan December 28th, 2010
@mohsin soudagar
I am planning to take the exam this coming jan 2011, please send me the 12 labs. My email add is [email protected]
Thanks =)
61. salz December 28th, 2010
@ fabulous and everyone ….i studied Acme Dumps and 9tut labs… am gonna write exam tomorrow.. r u all sure that in ACME dumps all the questions are correct and valid.. plzzzz reply me fast..
62. teeka December 28th, 2010
got this 2day in ma exam , host A , thxx 9tut
63. eason December 28th, 2010
CCNA 640-802 study guide
64. Riya December 29th, 2010
Can anybody pleasssse tel me in the question it is given “No other hosts from the LAN nor the Core should be able to use a web browser to access this server”. But the answer given here allows the core network to access the Finance Server.
Are we suppose 2 configure only tht much in the CCNA exam or more configuration r needed.
Please help me…i hve my exam 2mrw. Pleaaasssee..
65. Stephen December 30th, 2010
I have a simulation to this question if u want it get to me via mail at [email protected]
66. RR December 30th, 2010
Hi everybody,
Today I scored 949/1000 in CCNA 640-802 exam
Heartly Thanks to 9tut they have explained very well all the simulators here just do that perfectly
Sims are ACL2, EIGRP and VTP
But make sure about IP addresses and PCs
Eigrp sim
I got 192.168.66.0 and 192.168.36.0 Network IDs for Regional2 router and the AS number was 122
It was not misconfigured with 22 number, so I didn’t say no router eigrp 22 in configuration
ACL2
There were PC1 instead of PC3 should be access finance server IP was different
Finance server IP address was 172.22.173.28
Take care about VTP sim I lost some points in there you have to understand and find the correct answers
I studied from Todd Lammle’s 6th edition book and prepared from acme 17.14 356qs are pretty valid
I am not sure about Jan 2011
For acme 17.14 vce 356qs just go through this link
http://www.examcollection.com/cisco/Cisco.TestInside.640-802.v17.11.by.Acme.310q.vce.file.html
to open all questions you have to get VCE cert exam designer and manager as well as exam formatter
Wish you all the best
And HAPPY NEW YEAR 2011
67. ARQ: January 1st, 2011
How can you verify your results
i know 9tut u say in real exam
i shld open browser of host c
but currently can i verify this from topology
because when i type the address of finance browser
either nothing happens or either some host restart error message
commands are correct
have tried many times
And i cant verify difference in host c and others in accessing
just one question from u? FROM TOPOLOGY WHICH u have given us, i cant verify my connectivity by typing finance browser from host c. right? i can only do it in real exam or can i also do it in this topology
please do reply
many thanks in advance
68. 9tut January 2nd, 2011
You can do it in this topology by using the “Real-Time” simulation function in Packet Tracer. You will see the packets from other hosts (than host C) being denied and dropped at the router.
69. 9tut January 2nd, 2011
@Riya: The Core network can’t access the Finance Web Server too because we apply the access list at the outbound interface (Fa0/1).
Copyright © 2010 CCNA Training