Monavathia's Blog

CCNA 4 Labskill Chapter 5

Posted on: January 5, 2011

Lab 5.1.1.4 Applying Design Constraints

Step 1: Identify possible project constraints

a. Use word processing software to create a new Project Constraints document.

b. The identified constraints that set limits or boundaries on the network upgrade project should be entered into the Gathered Data field of the constraints document. Brainstorm ideas with other students to identify additional constraints.

Classify each constraint as one of the following four types:

• Budget
• Policy
• Schedule
• Personnel

Step 2: Tabulate comments based on the identified constraints

a. Using the list of constraints discovered from the FilmCompany case study, apply appropriate comments on how the constraints affect the design.

b. Enter the comments into a table.

FILM COMPANY CONSTRAINTS

Constraint | Gathered Data | Comments

(incomplete row)
  … to IT personnel
  • Training needed for new hires on company security policy
  … of a failure.

Schedule
  Gathered data:
  • Project must be completed within 4 months of project start.
  • Maintenance windows are between 2am and 6am Monday through Friday.
  Comments:
  • Less than 4 months to get the project completed.

Personnel
  Gathered data:
  • Looking to hire 6 temporary and part-time production staff and at least 1 IT technician.
  • Training on new equipment for IT personnel is needed.
  Comments:
  • Will new personnel affect the security policy?
  • Do the new personnel need training on the equipment?
  • Do existing personnel need training?

c. Save your Project Constraints checklist.

Step 3: Identify trade-offs

a. Use word processing software to create an addition to the Project Constraints document.

b. The identified constraints that set limits or boundaries on the network upgrade project will require potential trade-offs. Discuss ideas with other students regarding trade-offs for proposed designs.

New equipment may not be obtainable because of budget limitations, so the existing equipment may need to be upgraded. The ISP service may not be optimal for the type of traffic generated, so a new ISP may be required. The budget cannot support replacing the existing infrastructure; alternatives need to be developed for future expansion.

c. Record the trade-offs in your Project Constraints checklist.

d. Save your Project Constraints checklist.

Step 4: Reflection

The constraints imposed on this network design project are determined by the internal requirements of the FilmCompany. Consider and discuss the identified constraints and potential trade-offs. Do the trade-offs pose a significant obstacle to the design? Are there alternate methods that can be employed to achieve the success criteria without a significant budget?

• Less than four months to complete the project will require allocating more personnel.
• Personnel training may need to be done in stages.
• Equipment or cabling of the required technical specification may be unavailable.
• There is a lack of accommodation to house the expanded business and its network infrastructure, since the project may consolidate everything into a single location.
• ISP limitations may require changes to the design. Should another ISP be used?


Lab 5.1.2.4 Identifying Design Strategies for Scalability

Step 1: Identify the areas that will be used for designing a strategy that facilitates scalability

a. Use word processing software to create a new document called “Design Strategies.”

b. Use the identified constraints that set limits or boundaries on the network upgrade project and the potential trade-offs to assist in the discussion with other students.

The strategy should cover the following areas:

• Access Layer modules that can be added
• Expandable, modular equipment or clustered devices that can be easily upgraded
• Choosing routers or multilayer switches to limit broadcasts and filter traffic
• Planned redundancy
• An IP address strategy that is hierarchical and that supports summarization
• Identification of VLANs needed

Step 2: Create an Access Layer module design

Using the list developed from the group discussion, create an Access Layer module (design only).

a. Create your design using the existing equipment.

The FilmCompany network equipment includes:

2 x 1841 Routers (FC-CPE-1, FC-CPE-2)

3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)

Several servers

1 x Linksys WRT300N Wireless Router (FC-AP)

1 x ADSL Modem for Internet Access

b. Using the list of equipment, identify modules that can be added to the existing equipment to support new features and devices without requiring major equipment upgrades.

c. Save your Design Strategies documentation.

Step 3: Select Distribution Layer devices

a. Use word processing software to create an addition to the Design Strategies document.

b. Use the identified Access Layer module diagram to create the Distribution Layer design. Equipment selected must include existing equipment. Use Layer 3 devices at the Distribution Layer to filter and reduce traffic to the network core.

c. With a modular Layer 3 Distribution Layer design, new Access Layer modules can be connected without requiring major reconfiguration. Using your documentation, identify what modules can be added to increase bandwidth.

d. Save your Design Strategies document.

Step 4: Reflection

The constraints and trade-offs identified for the FilmCompany pose many challenges for the designer. What were a few of the more difficult challenges you encountered?

Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?

Would one be less expensive or less time-consuming than the other?

• Developing an IP addressing scheme using the 10.x.x.x network was genuinely challenging.
• Separating the VLANs.
• Designing the ACLs was unusual, given that the client did not specify what filtering was required.


Lab 5.1.3.5 Identifying Availability Strategies

Step 1: Identify the areas that will be used for designing a strategy that facilitates availability

a. Use word processing software to create a new document called “Availability Strategies.”

b. Use the identified constraints that set limits or boundaries on the network upgrade project and the potential trade-offs to assist in brainstorming ideas with other students.

The strategy should cover the following areas:

Availability strategies for switches:

• Redundant power supplies and modules
• Hot-swappable cards and controllers
• Redundant links
• UPS and generator power

Availability strategies for routers:

• Redundant power supplies, UPS, and generator power
• Redundant devices
• Redundant links
• Out-of-band management
• Fast-converging routing protocols

Availability strategies for Internet/Enterprise Edge:

• Dual ISP providers or dual connectivity to a single provider
• Co-located servers
• Secondary DNS servers

Step 2: Create availability strategies for switches

a. Using the list developed from the brainstorming session, create a list of equipment that will be incorporated into the availability strategy.

The FilmCompany network equipment includes:

2 x 1841 Routers (FC-CPE-1, FC-CPE-2)

3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)

Several servers

1 x Linksys WRT300N Wireless Router (FC-AP)

1 x ADSL Modem for Internet Access

b. Using the list of equipment, identify modules and redundant power supplies that will increase availability for the switches.

c. Identify potential hot-swappable cards and controllers that can be used. Create a list that identifies each with cost and features.

d. Develop a diagram that shows potential redundant links that can be incorporated into the network design.

e. Identify at least two possible UPS devices that can be incorporated into the design. Create a list that identifies the cost and features of each.

f. Save your Availability Strategies document.

Step 3: Create availability strategies for routers

a. Use word processing software to create an addition to the Availability Strategies document.

b. Using the list of equipment, identify redundant power supplies that will increase availability for the routers.

c. Identify potential redundant devices and links that can be used. Create a list that identifies each with cost and features.

d. Create a diagram that displays the redundant connections.

e. Develop a list of potential routing protocols that will facilitate fast convergence times.

f. Save your Availability Strategies document.

Step 4: Create availability strategies for Internet/Enterprise Edge

a. Use word processing software to create an addition to the Availability Strategies document.

b. Identify options available that would allow for dual ISP or dual connectivity to a single provider.

c. Create a design that will co-locate the servers to allow for redundancy and ease of maintenance.

d. Save your Availability Strategies document.

Step 5: Reflection

The creation of availability strategies poses many challenges for the designer. What were a few of the more difficult challenges you encountered?

Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?

Would one be less expensive or less time-consuming than the other?

• Various modules can be purchased, with different features and costs.
• Various UPS devices can be purchased, with different features and costs.
• Several routing protocols could be chosen, but which one best suits the design?


Lab 5.1.5.2 Identifying Security Requirements

Step 1: Identify potential security weaknesses within the FilmCompany topology

a. Use word processing software to create a new document called “Security Strategies.”

b. Using the documents created in previous labs and the existing topology, identify potential weaknesses in the existing design. (No firewalls, no VPNs.)

c. Create a list of recommended security practices that should be employed in the FilmCompany network.

d. Save your Security Strategies document.

Step 2: Create a security practices list

a. Using the list developed from the brainstorming session, create a finalized list of recommended security practices for the FilmCompany.

Recommended security practices include:

• Use firewalls to separate all levels of the secured corporate network from other unsecured networks, such as the Internet. Configure firewalls to monitor and control the traffic, based on a written security policy.
• Create secured communications by using VPNs to encrypt information before it is sent through third-party or unprotected networks.
• Prevent network intrusions and attacks by deploying intrusion prevention systems. These systems scan the network for harmful or malicious behavior and alert network managers.
• Control Internet threats by employing defenses to protect content and users from viruses, spyware, and spam.
• Manage endpoint security to protect the network by verifying the identity of each user before granting access.
• Ensure that physical security measures are in place to prevent unauthorized access to network devices and facilities.
• Secure wireless Access Points and deploy wireless management solutions.

b. Identify what devices and software will need to be purchased to facilitate the recommended security practices. (Hardware firewalls, intrusion detection systems, etc.)

c. Save your Security Strategies document.

Step 3: Create a security strategy

a. Use word processing software to create an addition to the Security Strategies document.

b. Using the list of identified equipment, develop a chart of costs and features of the recommended devices.

c. Using the list of identified software needed, develop a chart of costs and features of the recommended software.

d. Save your Security Strategies document.

Step 4: Create a security design

a. Use word processing software to create an addition to the Security Strategies document.

b. Identify which types of access to the network should be secured by incorporating VPNs.

c. Identify methods for controlling physical security at the FilmCompany building and at the stadium.

d. Identify potential ACLs that can be created to filter unwanted traffic from entering the network. (Identify whether standard or extended ACLs are needed: standard ACLs filter on source address only, while extended ACLs can match protocol, source, destination and port.)

e. Identify methods for securing the wireless Access Points. Determine the best method for the FilmCompany network. (128-bit encryption etc. Key length alone is not the measure: 128-bit WEP is still WEP and can be broken in minutes, so the choice should be WPA2 with AES-CCMP, using 802.1X/EAP authentication where an authentication server is available.)

f. Save your Security Strategies document.

Step 5: Reflection

The creation of a security strategy creates many challenges for the designer. What were a few of the more difficult challenges you encountered?

Consider and discuss the identified challenges. Do all of the proposed strategies accomplish the task the same way?

Would one be less expensive or less time-consuming than the other?

How could implementing a physical security plan into an existing company be difficult?

• Various hardware devices can be purchased, with different features and costs.
• Various security software can be purchased, with different features and costs.
• Existing employees may not accept changes to their security policy, so who needs to ensure that the plan is enforced?
• ACLs can filter traffic, but what impact will they have on traffic flow? Are the ACLs applied at the Access Layer, the Distribution Layer, or both?

Lab 5.2.3.3 Designing the Core Layer

Step 1: Identify Core Layer Requirements

a. Use word processing software to create a new document called “Core Layer Diagram.”

b. Use the identified topology and associated equipment to determine Core Layer design requirements.

Design requirements for the Core Layer network include:

High-speed connectivity to the Distribution Layer switches

24 x 7 availability

Routed interconnections between Core devices

High-speed redundant links between Core switches and between the Core and Distribution Layer devices

c. Brainstorm with other students to identify areas that may have been missed in the initial requirements document.

Step 2: Create an Access Layer module design

Using the list developed from the group discussion, create an Access Layer module (design only).

a. Create your design using the existing equipment.

The FilmCompany network equipment includes:

2 x 1841 Routers (FC-CPE-1, FC-CPE-2)

3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)

1 x ADSL Modem for Internet Access

b. Using the list of equipment, identify modules that can be added to the existing equipment to support new features, such as redundancy.

c. Save your Core Layer Diagram document.

Step 3: Select Core Layer devices

a. Use word processing software to create an addition to the Core Layer Diagram document.

b. The identified Core Layer module diagram will be used to adjust the Distribution Layer design. Equipment selected must include existing equipment. Use Layer 3 devices at the Core Layer in a redundant configuration.

c. Save your Core Layer Diagram document.

Step 4: Design Redundancy

a. Use word processing software to create an addition to the Core Layer Diagram document.

b. Design a redundancy plan that combines multiple Layer 3 links to increase available bandwidth.

c. Create a design that incorporates redundancy.

d. Save your Core Layer Diagram document.

Step 5: Reflection / Challenge

The design strategies for the FilmCompany pose many challenges for the designer. What were a few of the more difficult challenges you encountered?

Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?

Would one be less expensive or less time-consuming than the other?

• Is the existing equipment capable of handling the proposed network traffic? If so, how? If not, why not?
• What devices could be used in place of Layer 3 switches? Can those devices deliver the same performance?
• What are the potential weaknesses of the proposed diagram?

Lab 5.2.4.2 Creating a Diagram of the FilmCompany LAN

Step 1: Identify LAN Requirements

a. Use word processing software to create a new document called “LAN Diagram.”

b. Use the identified topology and associated equipment to determine LAN design requirements.

Design requirements for the LAN include:

High-speed connectivity to the Access Layer switches

24 x 7 availability

High-speed redundant links between switches on the LAN and the Access Layer devices

Identifying available hardware for the LAN

The current network has two VLANs.

1. General VLAN consisting of:

12 Office PCs

2 Printers

This VLAN serves the general office and managers, including reception, accounts and administration.

Addressing:

Network 10.0.0.0/24

Gateway 10.0.0.1

Hosts (dynamic) 10.0.0.200 – 10.0.0.254

Hosts (static) 10.0.0.10 – 10.0.0.20

2. Production VLAN consisting of:

9 High Performance Workstations

5 Office PCs

2 Printers

c. Brainstorm with other students to identify areas that may have been missed in the initial requirements document.
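The scalability strategy in Lab 5.1.2.4 asks for a hierarchical IP plan that supports summarization, and the LAN requirements above give the General VLAN's addressing. The following is an added example written for this page, not code from the Cisco lab or from the blog author. It checks a VLAN plan for the inconsistencies that produce intermittent connectivity (gateway inside a pool, static and dynamic pools overlapping, a pool running onto the broadcast address) and then uses Python's ipaddress module to show why contiguous allocation matters: four constructed /24 VLANs inside 10.4.0.0/22 collapse to one summary route, while the non-contiguous /24s that appear across these labs (10.0.0.0/24, 10.1.1.0/24, 10.3.1.0/24) cannot be collapsed exactly, and the only single route that covers them, 10.0.0.0/14, also advertises address space the company does not use. The General VLAN figures are the page's own; HIERARCHICAL_PLAN is a constructed layout used only for the comparison.

```python
"""Check a VLAN address plan and see how well a set of prefixes summarises.

Added example for the scalability and LAN labs; not code from the Cisco lab
or the blog post. The General VLAN values (10.0.0.0/24, gateway 10.0.0.1,
static 10.0.0.10-20, dynamic 10.0.0.200-254) come from the page.
HIERARCHICAL_PLAN is a constructed layout used to contrast with FLAT_PLAN.
"""
from ipaddress import IPv4Address, IPv4Network, collapse_addresses
from typing import List, Tuple


def check_vlan_plan(network: str, gateway: str,
                    static: Tuple[str, str], dynamic: Tuple[str, str]) -> List[str]:
    """Return the problems found in one VLAN's plan; an empty list means it is consistent."""
    net = IPv4Network(network)
    gw = IPv4Address(gateway)
    problems = []
    if gw not in net or gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is not a usable host address in {net}")
    ranges = {}
    for name, (lo, hi) in (("static", static), ("dynamic", dynamic)):
        lo_a, hi_a = IPv4Address(lo), IPv4Address(hi)
        if lo_a > hi_a:
            problems.append(f"{name} range {lo}-{hi} is reversed")
        # A pool must stay inside the subnet and must not include the broadcast address.
        if lo_a not in net or hi_a not in net or hi_a == net.broadcast_address:
            problems.append(f"{name} range {lo}-{hi} leaves the usable part of {net}")
        if lo_a <= gw <= hi_a:
            problems.append(f"gateway {gw} lies inside the {name} range")
        ranges[name] = (lo_a, hi_a)
    s_lo, s_hi = ranges["static"]
    d_lo, d_hi = ranges["dynamic"]
    if s_lo <= d_hi and d_lo <= s_hi:   # closed intervals intersect
        problems.append("static and dynamic ranges overlap")
    return problems


def summary_routes(prefixes: List[str]) -> List[str]:
    """Fewest prefixes that cover exactly the given networks and nothing else."""
    return [str(n) for n in collapse_addresses(IPv4Network(p) for p in prefixes)]


def smallest_supernet(prefixes: List[str]) -> str:
    """Single shortest prefix containing every network, even if it also covers unused space."""
    nets = [IPv4Network(p) for p in prefixes]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return str(candidate)


# Constructed: contiguous /24 VLANs inside one /22 per site summarise to a single route.
HIERARCHICAL_PLAN = ["10.4.0.0/24", "10.4.1.0/24", "10.4.2.0/24", "10.4.3.0/24"]
# The /24s that appear across the labs are not contiguous; they cannot be collapsed
# exactly, and the one route that covers them all also advertises 10.2.0.0/24 and more.
FLAT_PLAN = ["10.0.0.0/24", "10.1.1.0/24", "10.3.1.0/24"]
```

check_vlan_plan on the General VLAN figures from the page returns no problems; summary_routes(HIERARCHICAL_PLAN) returns a single 10.4.0.0/22, whereas summary_routes(FLAT_PLAN) returns the three original routes unchanged and smallest_supernet(FLAT_PLAN) returns 10.0.0.0/14. That gap between "exact summary" and "smallest single supernet" is what a hierarchical plan is meant to close.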

Step 2: Determine equipment features

Using the list developed from the brainstorming session, create a LAN based on technical requirements (design only).

a. Create your design using the existing equipment.

The FilmCompany network equipment includes:

2 x 1841 Routers (FC-CPE-1, FC-CPE-2)

3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)

1 x ADSL Modem for Internet Access

b. Using the list of equipment, identify modules that can be added to the existing equipment to support new features, such as redundancy.

c. Save your LAN Diagram document.

Step 3: Select LAN devices

a. Use word processing software to create an addition to the LAN Diagram document.

b. The identified LAN diagram will be used to adjust the Access Layer design. Equipment selected must include existing equipment.

c. Save your LAN Diagram document.

Step 4: Design Redundancy

a. Use word processing software to create an addition to the LAN Diagram document.

b. Design a redundancy plan that combines multiple Layer 2 links to increase available bandwidth.

c. Create a design that incorporates redundancy.

d. Save your LAN Diagram document.

Step 5: Reflection / Challenge

The design strategies for the FilmCompany LAN pose many challenges for the designer. What were a few of the more difficult challenges you encountered?

Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?

Would one be less expensive or less time-consuming than the other?

Would the chosen LAN design allow for future growth and the addition of the WLAN?

• Is the existing equipment capable of handling the proposed network traffic? If so, how? If not, why not?
• What devices could be used in place of Layer 2 switches?
• What are the potential weaknesses of the proposed diagram?


Lab 5.4.2.2 Selecting Access Points

Step 1: Identify WLAN requirements

a. Use word processing software to create a new document called “WLAN Diagram.”

b. Use the identified topology and associated equipment to determine WLAN design requirements.

Design requirements for the WLAN include:

• Scalability
• Availability
• Security
• Manageability

c. Brainstorm with other students to identify areas that may have been missed in the initial requirements document.

Step 2: Determine equipment features

Using the list developed from the brainstorming session, create a WLAN based on technical requirements (design only).

a. Begin by creating your design using the existing equipment.

Network equipment includes:

2 x 1841 Routers (FC-CPE-1, FC-CPE-2)

3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)

1 x Network and Business Server

1 x Linksys WRT300N Wireless Router (FC-AP)

1 x ADSL Modem for Internet Access

b. Using the list of equipment, identify the model of wireless router. Identify the features and range of the device. Identify whether there are upgrades that can be made to extend the range, security, and existing features.

c. Create a list of features and potential upgrades and compare them to other models of wireless router. Determine the device that can easily meet the technical requirements of the WLAN. (Standalone Access Points for ease of installation, or wireless controllers for security and management.)

d. With the previous list, estimate the range of coverage available with the existing wireless router. Determine if the wireless router can provide thorough coverage of the work area. Determine if standalone access points or wireless controllers are needed for the design.

e. Save your WLAN Diagram document.

Step 3: Select WLAN devices

a. Use word processing software to create an addition to the WLAN Diagram document.

b. The identified WLAN diagram will be used to determine the type of wireless device that will be included in the proposed network.

c. Ensure that the chosen wireless equipment meets the following requirements:

Design requirements for the WLAN include:

• Scalability
• Availability
• Security
• Manageability

d. Save your WLAN Diagram document.

Step 4: Design the WLAN

a. Use word processing software to create an addition to the WLAN Diagram document.

b. Design a WLAN that provides scalability. Annotate on the WLAN Diagram document how the design provides scalability.

(Scalability: new lightweight Access Points can be added easily and managed centrally.)

c. Design a WLAN that provides availability. Annotate on the WLAN Diagram document how the design provides availability.

(Availability: Access Points can automatically increase their signal strength if one Access Point fails.)

d. Design a WLAN that provides security. Annotate on the WLAN Diagram document how the design provides security.

(Security: enterprise-wide security policies apply to all layers of a wireless network, from the radio layer through the MAC Layer and into the Network Layer. This solution makes it easier to provide uniformly enforced security, QoS, and user policies. These policies address the specific capabilities of different classes of devices, such as handheld scanners, PDAs, and notebook computers. Security policies also provide discovery and mitigation of DoS attacks, and detection and denial of rogue Access Points. These functions occur across an entire managed WLAN.)

e. Design a WLAN that provides manageability. Annotate on the WLAN Diagram document how the design provides manageability.

(Manageability: the solution provides dynamic, system-wide radio frequency (RF) management, including features that aid smooth wireless operations, such as dynamic channel assignment, transmit power control, and load balancing. The single graphical interface for enterprise-wide policies includes VLANs, security, and QoS.)

f. Save your WLAN Diagram document.

Step 5: Reflection / Challenge

The design strategies for the FilmCompany WLAN pose many challenges for the designer. What were a few of the more difficult challenges you encountered?

Consider and discuss the identified strategies. Do all of the strategies designed or hardware identified accomplish the task the same way?

Would one be less expensive or less time-consuming than the other?

Would the current topology allow for future growth and the addition of the WLAN?

• What are the throughput limitations of the WLAN?
• Is the existing equipment capable of handling the proposed network traffic? If so, how? If not, why not?
• What devices could be used in place of standalone access points?
• What are the potential weaknesses of the proposed diagram?


Lab 5.5.3 Developing ACLs to Implement Firewall Rule Set

Step 1: Cable and connect the network as shown in the topology diagram

NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

a. Connect and configure the devices in accordance with the given topology and configuration.

Routing will have to be configured across the serial links to establish data communications.

b. Configure Telnet access on each router.

c. Ping between Host1, Host2, and Production Server to confirm network connectivity.

Troubleshoot and establish connectivity if the pings or Telnet fail.

 

Step 2: Perform basic router configurations

a. Configure the network devices according to the following guidelines:

• Configure the hostnames on each device.
• Configure an EXEC mode password of class.
• Configure a password of cisco for console connections.
• Configure a password of cisco for vty connections.
• Configure IP addresses on all devices.
• Enable EIGRP on all routers and configure each to advertise all of the connected networks.
• Verify full IP connectivity using the ping command.

b. Confirm Application Layer connectivity by telneting to all routers.

Step 3: Create firewall rule set and access list statements

Using the security policy information for the FilmCompany remote access, create the firewall rules that must be implemented to enforce the policy. After the firewall rule is documented, create the access list statement that will implement the firewall rule. There may be more than one statement necessary to implement a rule.

Security Policy 1: Remote users must be able to access the Production Server to view their schedules over the web and to enter new orders.

Firewall Rule: Permit users on the 10.1.1.0/24 network access to the Production Server (172.17.1.1) on TCP port 80.

Access List statement(s): permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80

Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be placed as close as possible to the source of the traffic).

For each of the following security policies:

a. Create a firewall rule.

b. Create an access list statement.

c. Determine the access list placement to implement the firewall rule.

Security Policy 2: Remote users must be able to FTP files to and from the Production Server.

Firewall Rule: Permit users on the 10.1.1.0/24 network access to the Production Server (172.17.1.1) on TCP ports 20 and 21.

Access List statement(s): permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21, or two separate access-list statements, each permitting one of the ports.

Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be placed as close as possible to the source of the traffic).

Note that ports 20 and 21 cover the control connection and the client's side of an active-mode data connection, in which the server connects from port 20. A passive-mode client instead opens its data connection to a high-numbered port on the server, which this list does not permit and which the Policy 4 statement below denies; either the clients must use active mode or the server's passive port range must be permitted as well.

Security Policy 3: Remote users can use the Production Server to send and retrieve email using the IMAP and SMTP protocols.

Firewall Rule: Permit users on the 10.1.1.0/24 network access to the Production Server (172.17.1.1) on TCP ports 143 and 25.

Access List statement(s):

permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25

permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143

Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be placed as close as possible to the source of the traffic).

Security Policy 4: Remote users must not be able to access any other services available on the Production Server.

Firewall Rule: Deny all other IP protocols between users on the 10.1.1.0/24 network and the Production Server (172.17.1.1).

Access List statement(s): deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1

Access List placement: Inbound on router SR1 Fa0/1. This statement must come after the permits for Policies 1 to 3; placed before them it would match first and deny the permitted services as well.

Security Policy 5: No traffic is permitted from individual workstations at the main office to remote worker workstations. Any files that need to be transferred between the two sites must be stored on the Production Server and retrieved via FTP.

Firewall Rule: Deny all IP protocols from users on the 10.3.1.0/24 network to the 10.1.1.0/24 network.

Access List statement(s): deny ip 10.3.1.0 0.0.0.255 10.1.1.0 0.0.0.255

Access List placement: Inbound on router BR4 Fa0/1

Security Policy 6: No traffic is permitted from workstations at the remote site to workstations at the main site.

Firewall Rule: Deny all IP protocols from users on the 10.1.1.0/24 network to the 10.3.1.0/24 network.

Access List statement(s): deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255

Access List placement: Inbound on router SR1 Fa0/1

Security Policy 7: No Telnet traffic is permitted from the remote site workstations to any devices, except their local switch.

Firewall Rule: Deny all TCP traffic from users on the 10.1.1.0/24 network to port 23 on any destination.

Access List statement(s): deny tcp 10.1.1.0 0.0.0.255 any eq 23

Access List placement: Inbound on router SR1 Fa0/1. The "except their local switch" part of the policy is satisfied by the placement rather than by the statement: Telnet from a remote workstation to the switch on its own LAN never enters SR1 Fa0/1, so it is never evaluated against this list.

 

Step 4: Create Extended ACLs

a. Review the access list placement information that you created to implement each of the FilmCompany security policies. List all of the different access list placements that you noted above.

Inbound on router SR1 Fa0/1

Inbound on router BR4 Fa0/1

Based on the placement information, how many access lists do you have to create?

On router SR1: 1

On router Edge2: 0

On router BR4: 1

b. Based on the access list statements you developed in Step 3, create each access list that is needed to implement the security policies. When creating access lists, remember the following principles:

• Only one access list can be applied per protocol, per direction, on each interface.
• Access list statements are processed in order, and the first statement that matches decides what happens to the packet.
• Once an access list is created and applied on an interface, all traffic that does not match any access list statement will be dropped (the implicit deny at the end of every list).

c. Use a text file to create the access lists, or write them here. Evaluate each access list statement to ensure that it will filter traffic as intended.

Access list to be placed on SR1 Fa0/1 inbound:

permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80

permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21

permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25

permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143

deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1

deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255

deny tcp 10.1.1.0 0.0.0.255 any eq 23

permit ip any any

Access list to be placed on BR4 Fa0/1 inbound:

deny ip 10.3.1.0 0.0.0.255 10.1.1.0 0.0.0.255

permit ip any any

Why is the order of access list statements so important?

Access list statements are evaluated from the top down, and the first statement that matches a packet decides its fate; nothing after that line is consulted. A broad statement placed too early therefore shadows every more specific statement below it: if the Policy 4 deny (deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1) were listed before the four permits for Policies 1 to 3, remote users would lose web, FTP and mail access to the Production Server even though those permits were still in the list. Order also has a performance side: placing the most frequently matched statements first reduces the number of comparisons per packet, which lowers router processor load and latency.
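The eight SR1 statements and two BR4 statements in Step 4 can be checked mechanically rather than by eye. The following is an added example written for this page, not code from the Cisco lab or from the blog author: a small Python evaluator that implements the rules Step 4 states (top-down processing, first match wins, implicit deny of anything unmatched) for IOS-style extended ACL statements with wildcard masks, and exercises the two lists against constructed sample flows. The Flow type, the numeric-only "eq"/"range" port syntax, and the sample addresses (10.1.1.10 and 10.3.1.5 as workstations, 192.0.2.53 as an outside host, TCP port 50000 as a passive FTP data port) are assumptions made for the example; the two access lists are copied from Step 4.

```python
"""First-match evaluation of IOS-style extended ACL statements.

Added example for the Step 3 / Step 4 FilmCompany access lists, not code from
the Cisco lab or the blog post. It implements the rules the lab states
(top-down processing, first match wins, implicit deny of anything unmatched)
so the lists above can be exercised against constructed sample flows. The
Flow type, numeric-only port syntax and all sample addresses are assumptions.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple

ALL_ONES = 0xFFFFFFFF

@dataclass(frozen=True)
class Flow:
    proto: str      # "tcp", "udp" or "icmp"
    src: str        # source IPv4 address
    dst: str        # destination IPv4 address
    dport: int = 0  # destination port; irrelevant for icmp

@dataclass(frozen=True)
class Ace:
    action: str                       # "permit" or "deny"
    proto: str                        # "ip" matches every protocol
    src: Tuple[int, int]              # (network, wildcard) as 32-bit ints
    dst: Tuple[int, int]
    dport: Optional[Tuple[int, int]]  # inclusive port range; None = any port

def _take_addr(t: List[str], i: int):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' at t[i]; return (spec, next index)."""
    if t[i] == "any":
        return (0, ALL_ONES), i + 1
    if t[i] == "host":
        return (int(IPv4Address(t[i + 1])), 0), i + 2
    return (int(IPv4Address(t[i])), int(IPv4Address(t[i + 1]))), i + 2

def parse_ace(stmt: str) -> Ace:
    """Parse one statement as written in the lab ('eq N' or 'range N M', numeric ports)."""
    t = stmt.split()
    if t[0] not in ("permit", "deny"):
        raise ValueError(f"bad action in {stmt!r}")
    src, i = _take_addr(t, 2)
    dst, i = _take_addr(t, i)
    rest = t[i:]
    if not rest:
        dport = None
    elif rest[0] == "eq":
        dport = (int(rest[1]), int(rest[1]))
    elif rest[0] == "range":
        dport = (int(rest[1]), int(rest[2]))
    else:
        raise ValueError(f"unsupported port operator in {stmt!r}")
    return Ace(t[0], t[1], src, dst, dport)

def _addr_matches(spec: Tuple[int, int], addr: str) -> bool:
    """Wildcard semantics: a 1 bit in the wildcard means 'do not care' about that bit."""
    net, wild = spec
    return ((int(IPv4Address(addr)) ^ net) & ~wild & ALL_ONES) == 0

def ace_matches(ace: Ace, flow: Flow) -> bool:
    if ace.proto != "ip" and ace.proto != flow.proto:
        return False
    if not (_addr_matches(ace.src, flow.src) and _addr_matches(ace.dst, flow.dst)):
        return False
    return ace.dport is None or ace.dport[0] <= flow.dport <= ace.dport[1]

def evaluate(acl: List[str], flow: Flow):
    """Walk the list top-down; return (action, line index), or ('deny', None) for the implicit deny."""
    for idx, stmt in enumerate(acl):
        ace = parse_ace(stmt)
        if ace_matches(ace, flow):
            return ace.action, idx
    return "deny", None

# The two lists from Step 4, statement for statement.
SR1_FA0_1_IN = [
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80",
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21",
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25",
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143",
    "deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1",
    "deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255",
    "deny tcp 10.1.1.0 0.0.0.255 any eq 23",
    "permit ip any any",
]
BR4_FA0_1_IN = [
    "deny ip 10.3.1.0 0.0.0.255 10.1.1.0 0.0.0.255",
    "permit ip any any",
]

def misordered_sr1() -> List[str]:
    """The SR1 list with the Policy 4 deny moved to line 1, where it shadows all four permits."""
    acl = list(SR1_FA0_1_IN)
    acl.insert(0, acl.pop(4))
    return acl
```

Against the correct list, a web request from 10.1.1.10 to 172.17.1.1 matches line 1 and is permitted; a passive-mode FTP data connection to port 50000 on the server, and any ICMP to it, fall through to the Policy 4 deny on line 5; Telnet to a main-office host is caught by the Policy 6 deny on line 6 before the Policy 7 statement is ever reached; and with the final permit ip any any removed, a DNS query to an outside host hits the implicit deny. misordered_sr1() moves the Policy 4 deny to the top, and the same web request is then denied on line 1, which is exactly the ordering mistake the question above asks about.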
