ccna training » ccna access list sim 2

Type text to search here...

Home > CCNA Access List Sim 2

CCNA Access List Sim 2October 26th, 2010 Go to comments

Question

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from theFinance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have webaccess to the Finance Web Server. All other traffic is permitted.Access to the router CLI can be gained by clicking on the appropriate host.

All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 – 192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.

Answer and Explanation

Corp1>enable (you may enter “cisco” as it passwords here)

We should create an access-list and apply it to the interface which is connected to the Server LAN because it can filter out traffic from both Sw-2 and Core networks. The ServerLAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so we can guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show running-config” command to check which interface has the IP address of 172.22.242.30.

Corp1#show running-config

Ads by Google CCNA Practice Exam Cisco CCNA 640 802 Exam CCNA Get CCNA Certified

Cisco Video Conference Guide to your telepresence solution Download it for Free Here! Cisco.com/Cisco_Telepresence

I passed the CCIE R&S Lab on my first attempt! Steve Clarkin - CCIE #25821 www.INE.com/CCIE

Pass ACCA Exams 1st Time Career Service, LSBF ACCA Tutors Team+ Fully funded MBA/MSc Degree www.CA-MB

1/2/2011 CCNA Training » CCNA Access List Sim 2

www.9tut.com/78-ccna-access-list-sim-2 1/11

We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. It is the interface we will apply our access-list (for outbound direction).

Corp1#configure terminal

Our access-list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23 via web (port 80)

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

Deny other hosts access to the Finance Web Server via web

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

All other traffic is permitted

Corp1(config)#access-list 100 permit ip any any

Apply this access-list to Fa0/1 interface (outbound direction)

Corp1(config)#interface fa0/1Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from the Core network.

In the real exam, just click on host C and open its web browser. In the address box type http://172.22.242.23 to check if you are allowed to access Finance Web Server or not. Ifyour configuration is correct then you can access it.

Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Server from these hosts.

Finally, save the configuration

Corp1(config-if)#endCorp1#copy running-config startup-config

(This configuration only prevents hosts from accessing Finance Web Server via web but if this server supports other traffic – like FTP, SMTP… then other hosts can access it, too.)

Notice: In the real exam, you might be asked to allow other host (A, B or D) to access the Finance Web Server so please read the requirement carefully.

I created this sim in Packet Tracer v5.2.1 so you can practice with it. You will need new version of Packet Tracer to open it (v5.1+).

Download this sim here



Tu

Highlight

Tu

Highlight

Tu

Highlight

Tu

Highlight

Tu

Highlight

Tu

Highlight

Tu

Highlight

Tu

Highlight

Notice: After typing the commands above, if you make a “ping” from other hosts (PC0, PC1, PC3) then PC4 (Finance Web Server) can still reply because we just filter HTTP traffic,not ICMP traffic. To generate HTTP traffic, select “Web Browser” in the “Desktop” tab of these PCs. When a web browser opens, type the IP address of Finance Web Server andyou can see how traffic flows in Simulation Mode.

And notice that in the initial configuration of this sim the Core network can ping Finance Web Server. We have to create an access-list that can filter this traffic too.

Other lab-sims on this site:

CCNA NAT SIM Question 1

CCNA NAT SIM Question 2

CCNA Frame Relay Sim

CCNA Configuration SIM Question (RIPv2 SIM)

CCNA VTP SIM

CCNA EIGRP LAB

CCNA Drag and Drop SIM

CCNA Implementation SIM

Comments

1. fatahDecember 2nd, 2010

hi friend how are you all ,i wont know what is egirp did it come for us today and which acl2thank you all

2. MoDecember 2nd, 2010

@ Fatah:

There will be a question about EGRIP and ACL too. The ACL question i had was this:

http://www.9tut.com/ccna-lab-sim/78-ccna-access-list-sim-2

and this one for egrip:

http://www.9tut.com/ccna-eigrp-questions

3. winDecember 2nd, 2010

pc-pt(pc4) does not provide http connection,replace with server or give ip address(172.22.242.29 )to public web server and provide accesslist to this ip as same as previouslydone .check

E2M Simulation systems 2 to 6 DOF motion simulation advanced cueing and control force www.e2mtechnologies.eu

Official Cisco Training CCNA, CCDA, CCNP, CCSP, CCVP, CCIP, CCDP, CCIE www.koenig-solutions.com

Rack Rental / Network Lab $79/mo for up to 360 hours - Over 20 modern Cisco / Juniper devices lab.ghoudakis.com



please correct me if i am wrong

4. ccnaDecember 7th, 2010

PLEASE CORRECT ME IF IM WRONG !!!

in/out interface could be determined by source and packets flow direction.

in my case i have applied on interface fa0/0 which facing 192.168.0.0 subnet.

this acl does exactly same – just wonder if theres problems with going my way on this…

5. ccnaDecember 7th, 2010

sorry forgot to be exact, i have applied :

interface fast0/0ip access-group 100 in

6. fatahDecember 7th, 2010

i have problem in acl2 i did everything ,but i have Packet Tracer 5.0 so i can’t make practice tel me how i solf this problemthnx

7. mohsin soudagarDecember 7th, 2010

@you should download PT 5.1…. or give me your ID i’ll mail you its topology..so that you can practice it more efficiently

8. hiDecember 8th, 2010

whr it s dwnd acl sim 2 ……..plz giv me tht link packet tracer


@hi..dear just see below the topology…you find a “Download this sim here” just click on here,,u’ll have it…tc


hi alland thinx mohsin for your re ably my email [email protected] wait you ,i will be thinkful for you.


if baspol send me eigrb and vtp also

12. tomekDecember 8th, 2010

404 Not FoundThe resource requested could not be found on this server!Powered By LiteSpeed Web ServerLiteSpeed Technologies is not responsible for administration and contents of this web site!


@fatah….dear i had send you 11 labs..which include ACL2, EIGRP,RIP, VTP…… and all other….take care..and share your exam experience with us..we are waiting..for it


@fatah..

you can download packet tracer v5.3.1 which is latest..to open ACL2 lab..



http://hotfile.com/dl/81150708/025d779/PacketTracer531_setup_no_tutorials.exe.html

15. Muhammad ImranDecember 8th, 2010

HiFriendslearn how to connect virtual machine with gns3 and test internet connectivity in virtual machine very easy and interesting labhttp://www.youtube.com/watch?v=MWi2S1wQWCo

ThanksMuhammad Imran!!!!!!

16. Muhammad ImranDecember 8th, 2010

HiFriendslearn how to connect make this same lab in gns3 and get 100% resultshttp://www.youtube.com/watch?v=qJVuCFHdoDk

ThanksMuhammad Imran!!!!!!


hi mohsin soudaga i will do insh alaah


thnx mohsin acl2 it’s work in 5.3 thank you all friend in 9tut

19. SagarDecember 9th, 2010

show run command is not supported in ccna sim,so any alternative to this?Plz reply………….

20. cizmoDecember 9th, 2010

try sh ip interfaces (brief)

21. alDecember 11th, 2010

My suggestion (I had this question on the exam) try “do show run”, do not exit global config mode.

22. EDecember 11th, 2010

show run did work on the exam.

23. IncDecember 11th, 2010

http 404 not found guys i want these sims i need to practice im writing monday

24. IncDecember 11th, 2010

plz

25. HassanDecember 11th, 2010

@mohsin soudagar

Could you please send me the 11 labs too? My exam is on dec 16.

[email protected]

Thanks !!Hassan

26. hasyDecember 12th, 2010



i got my exam yesterday and passed with 974. especial thanks for the 9tut. pass4sure & testinside dumps are still valid. sims are eigrp,vtp & access-list only the ip addressesare changed. in access-list the the pc also changed. again thanks for the 9tut and all of the contributors

if any one need help from me pls email to

[email protected]


@Hassan

yes dear..i had mailed you….. all the 12 labs topologies..

28. HassanDecember 12th, 2010

@mohsin soudagarThank you so much my friend! I’ve just did 1 simulation, only 11 to go ! :)We gonna do it !!Hassan

29. SaleckDecember 12th, 2010

hi there, could you send me the 12 lab topologies as well? I’m to take the exam the week of the December 20th. Thank you. [email protected] and the latest dumps ifat all possible

30. kapilDecember 13th, 2010

hello mohsin soudagarIf you can also send me the 11 labs i am planning to do my exam first week of jan [email protected]

31. nathanDecember 13th, 2010

hi friend can u please send me the 12 lab topologies . examin this friday. cheers brad_gemini at hotmail dot com

32. rayanDecember 13th, 2010

hi,

plz send me all lab topologies , my exam on this Thursday , mail id is [email protected], thanks ..

33. MuzzammilDecember 13th, 2010

hello,can u lz send me the topologies.mail: [email protected]

Thnx

34. ABBASDecember 13th, 2010

hello

Anyone Plz forward me all topologies @ [email protected].

Thank u so much…… looking forward………

Cheers

35. ptrckDecember 13th, 2010

Hey allcan one send me lab topologies, exam this week. ([email protected])This site has been most excellent with exam prep.Thanks so much!!

36. Peter ColeDecember 13th, 2010

Please add me to the list for the 12 labs. [email protected]



Thanks

37. robDecember 13th, 2010

please could someone please send me the packet tracer version of this please, got my exam this weekmany thanks

38. harishDecember 14th, 2010

hi iam harish iam having exam this week can anyone send me all lab topologies my add is harisrexgmail.com

39. MarkoDecember 14th, 2010

Hi,

I see that someone already asked the same question above but wasn’t answered yet. Instead of applying ACL on Fa0/1 as outbound, shouldn’t we apply it on Fa0/0 asinbount?

As per CBT Nuggests, extended ACLs should be applied as close as you can to the source that should be filtered. On the other hand, standard ACLs should be applied asclose as you can to the destination (to avoid redundant permission denial). And since the ACL above is extended, I expected that it will be applied on Fa0/0 as inbound one.

What do you think about this?

Thanks,Marko

40. 9tutDecember 14th, 2010

@Marko: I agree that standard ACLs should be applied as close as you can to the destination but in this case we must apply it to Fa0/1 (outbound), not Fa0/0 (inbound)because we also need to prevent Core network from accessing the Finance Web Server. If we apply access-list to Fa0/0, only packets from hosts A B C D will be filtered.

41. MarkoDecember 14th, 2010

You’re absolutely right! Thank you very much for this clarification and pointing me to the part of the text that I overseen. In the 3rd sentence of the text, it says: “No other hostsfrom the LAN nor the Core should be able to use a web browser to access this server.”, just like you said. My suggestion would affect only “hosts from the LAN”, while “theCore” could still access the Web server.

Thanks,Marko

42. rayanDecember 14th, 2010

thanku 9tut.packet trcr for access list 2 is working fine..

43. 9tut.com.rocksDecember 14th, 2010

hi guys, where can i get the packet tracer? this is what i need like a router simulation program ,right? can somebody email me where to find it and how i could use it for this typeof labs? my email address is [email protected]. i would like to practice the labs before writing the exam next week. thanks in advance. much appreciated.

44. Owolowo olayinkaDecember 15th, 2010

Hi, can u pls send me d 12 labs as i’ve been lookin 4 what to practice with. Thanks 4 d gud [email protected]

45. farhadDecember 15th, 2010

@mohsin soudagar

Could you please send me the 12 labs, my exam is on dec 21.

my emai address is [email protected]

thnx


today i pass ccan exam ,acl2,vtp,eigrpvce dumps it’s valid thank you 9tut and exam collatio



i wont thank my friend mohsen coz he is help me also

47. FabulousDecember 15th, 2010

Hi, engineers and potential engineers, i wrote my exam on 12 December and scored 1000/1000, it is possible, please don’t panic.

Sims were: VTP, Eigrp as no. 23, with wrong as no. of 22, Access-list sim 2 with different addresses.

All questions from Acme, Mashti and i also used the pass4sure frm certuniverse.blogspot.com with 473Qs. Be careful, there are many wrong questions on Acme’s dump.

I am excited but i have a problem at the same time, my name was misspelled and when i went to the certification tracking system on the “update personal info” i can’t edit myname, anyone help!!!!!!!!!!!!!!

48. PeterDecember 15th, 2010

I wouldn’t recommend creating additional statements. The question says to do it in 3 statements.


@fatah

i am really happy that u passed it..its absolutely my pleasure to help you..may god always bless you :) :)

50. LoisDecember 16th, 2010

On the Lab acl lab sim 2 how do you ping from the pc? I get host name unresolved when I ping. Also on router rip instead of 172.16.0.0 it should be 172.22.0.0.Very nice job on packet tracer. Thank you I appreciate it.

51. JihanDecember 22nd, 2010

Hi I have my exam on the 30th! I would appreciate it if anyone kind enough to send me all the labs! my email is [email protected].

Congrats to those who have passed and good luck to those with the upcoming tests!!

52. GauravDecember 22nd, 2010

hi, i am new here and find it quite interesting. Well would anyone be kind enough to send me the lab sims available. i am having my exam on the 24th of this month.

53. Karthik TDecember 22nd, 2010

Hi Friends,I am having exam on 27 th, can u pls share the latest Simulation dumps,Pls share the documents @ [email protected]

waiting for ur inputs

Thanks in Advance :-)

54. DeenDecember 23rd, 2010

Dear All,

I have scheduled my CCNA exam in within 48hrs. If there is any changes in SIM please let me know.

Thanks for folks.

55. Karthik’s fatherDecember 23rd, 2010

Guys, please don’t send Karthik any dumps.

56. MansoorDecember 26th, 2010

Hi I have planned to do CCNA exam on jan 2011. can anyone send me all the lab simulation for practise. I would be very thankful

[email protected]

57. Azhar Malghani



December 26th, 2010

Hi everyone, I have to appear for CCNA in next 24 hours, If any one can help me to send Latest dumps of testinside.

PLEASE HELP I HAVE TO PASS THIS EXAM INSHALLAH

Kindly send any helping stuff at………….( [email protected])

WISH ME BEST OF LUCK AND CONGRATS TO ALL PASSED CANDIDATES.I LUV U ALL.

58. RafaqatDecember 27th, 2010

hello dears i have dumps of testinside v17.14 and i has 356 question.plz do inform me that is it valid or not .plz plz if not so plz send me dumps on my e mailrafaqat_edu@yahoo .com i have exam on 15 jan

59. TiredEyesDecember 27th, 2010

In the exam are the questions totally random or do they come in section, such as, say for example, 10 question on switching, then 10 questions on routing protocols, etc, etc.

Thanks on advance, got my CCNA exam in Jan 2011, hope they don’t change the sims for 2011.

60. AllanDecember 28th, 2010

@mohsin soudagar

I am planning to take the exam this coming jan 2011, please send me the 12 labs. My email add is [email protected]

Thanks =)

61. salzDecember 28th, 2010

@ fabulous and everyone ….i studied Acme Dumps and 9tut labs… am gonna write exam tomorrow.. r u all sure that in ACME dumps all the questions are correct and valid..plzzzz reply me fast..

62. teekaDecember 28th, 2010

got this 2day in ma exam , host A , thxx 9tut

63. easonDecember 28th, 2010

CCNA 640-802 study guide

64. RiyaDecember 29th, 2010

Can anybody pleasssse tel me in the question it is given “No other hosts from the LAN nor the Core should be able to use a web browser to access this server”. But thosanswer given here allows the core network to access the Finance Server.

Are we suppose 2 configure only tht much in the CCNA exam or more configuration r needed.

Please help me…i hve my exam 2mrw.Pleaaasssee..

65. StephenDecember 30th, 2010

I have a simulation to this question if u want it get to me via mail at [email protected]

66. RRDecember 30th, 2010

Hi everybody,

Today I scored 949/1000 in CCNA 640-802 exam

Heartly Thanks to 9tut they have explained very well all the simulators here just do that perfectly

Sims are ACL2, EIGRP and VTPBut make sure about IP addresses and PCsEigrp simI got 192.168.66.0 and 192.168.36.0 Network IDs for Regional2 router and the AS number was 122It was not misconfigured with 22 number, so I didn’t say no router eigrp 22 in configuration

ACL2



There were PC1 insteed of PC3 should be access finance server IP was differentFinance server IP address was 172.22.173.28

Take care about VTP sim I lost some points in there you have to understand and find the correct answers

I studied from Todd Lammle’s 6th edition book and prepared from acme 17.14 356qs are pretty validI am not sure about Jan 2011

For acme 17.14 vce 356qs just go through this linkhttp://www.examcollection.com/cisco/Cisco.TestInside.640-802.v17.11.by.Acme.310q.vce.file.html

to open all questions you have to get VCE cert exam designer and manager as well as exam formater

Wish you all the bestAnd HAPPY NEW YEAR 2011

67. ARQ:January 1st, 2011

How can you verify your resultsi know 9tut u say in real exami shld oopen browser of host c

but currently can i verify this from topologybecause when i type the address of f inance browser

either nothing happens or either some hsot restart error messgaecommands are correcthave tried many times

And i cant verify difference in host c and others in accessing

just one question from u? FROM TOPOLOGY WHICH u have given us, i cant verify my connectivity by typing finance browser from host c. right? i can only do it in realexam or can i also do it in this topology

please do reply

many thanks in advance

68. 9tutJanuary 2nd, 2011

You can do it in this topology by using the “Real-Time” simulation function in Packet Tracer. You will see the packets from other hosts (than host C) being denied and droppedat the router.

69. 9tutJanuary 2nd, 2011

@Riya: The Core network can’t access the Finance Web Server too because we apply the access list at the outbound interface (Fa0/1).

1. No trackbacks yet.

Add a Comment

Name

Website (not required)

Submit Comment

Subscribe to comments feedCCNA VTP SIM Question Contact Me

CCNA 640-802

CCNA Lab SimCCNA – Access List QuestionsCCNA – WANCCNA – OSPF QuestionsCCNA – EIGRP QuestionsDHCP Group of Four QuestionsCCNA – Drag and Drop 1CCNA – Drag and Drop 2



CCNA – Drag and Drop 3CCNA – Drag and Drop 4CCNA – HotspotCCNA – IPv6 QuestionsCCNA – SubnettingCCNA – Operations 1CCNA – Operations 2CCNA – Operations 3CCNA – Troubleshooting 1CCNA – Troubleshooting 2Share your CCNA Experience

CCNA Self-Study

Practice CCNA GNS3 LabsCCNA Knowledge

Network Resources

CCNA FAQs & TipsFree Router Simulators

ICND1/ICND2 Website

CCNP - ROUTE Website

CCNP - SWITCH Website

CCNP - TSHOOT Website

CCNA Voice Website

CCNA Security Website

CCDA Website

CCIE Written Website

Support 9tut

Your contribution will help keep this site updated!

TopCopyright © 2010 CCNA TrainingPrivacy Policy. Valid XHTML 1.1 and CSS 3.

Ads by Google

CCNA Video Training

CCNA ICND 1

Cisco CCNA Courses

Online CCNA Cert



ccna training » ccna access list sim 2

Documents