hello friend i have answerd more time of your question or
doute.now i am seeing towards you for help,plz send the
soln before monedya
the problem is
i have three router r1 and r2 and r3
they are conested in that maneer
thai is
r1---r2---r3---server
|
|
server
bothe server have diffrent ip
now i have to implemnt access list on the r3 router in such
a way that user from r1 can access only one server
while user from r2 can access whole servre
i ahve done it but both user of r1 and r2 uses all server
i need help
please help me this time?
i have repalsced my firwall by r3 router
so bacicaly i have to implement it on my firewall but you
tell me on cisco router please help
- 2 Answers
- 3885 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / shahin
Hi.... U didn't mention any ip address as well as interfaces
which r used to connect routers.
R1(s1/0)------(S1/0)R2 (S1/1) -------(S1/0)R3------- server1
! ! ! 10.1.1.1
! ! ! 10.1.1.10
! ! !
PC1 PC2 Server2
13.1.1.1 12.1.1.1 11.1.1.1
13.1.1.10 12.1.1.10 11.1.1.10
Note: First one IP address & second default gateway.
R1
s1/0 - 1.1.1.1
R2
s1/0 - 1.1.1.2
s1/1 - 2.2.2.1
R3
s1/0 - 2.2.2.2
I configured RIPv2 on all router & its working fine. Now i
can access each & every user & server from anywhere in the
network.
Point is that, u want to configure ACL, so that it will meet
ur requirements.
As u mention, "implemnt access list on the r3 router in such
a way that user from r1 can access only one server"... ok i
m goin to block user from R1 to access "server1"
Create Standard ACL -
R3#conf t
R3(config)#access-list 5 permit 12.0.0.0 0.255.255.255
R3(config)#access-list 5 deny any
Apply ACL -
R3(config)#interface fastEthernet 0/1
R3(config-if)#ip access-group 5 out
Router(config-if)#^Z
See the sh output -
Router#sh access-lists
Standard IP access list 5
permit 12.0.0.0 0.255.255.255 (4 match(es))
deny any (3 match(es))
Hey buddy.... i configure the same scenario in packet
tracer.. here i m pasting the the sh runing-config of routers -
***** Router 1 -
Current configuration : 652 bytes
!
output omitted
!
interface FastEthernet0/0
ip address 13.1.1.10 255.0.0.0
duplex auto
speed auto
!
interface Serial1/0
ip address 1.1.1.1 255.0.0.0
clock rate 128000
!
router rip
version 2
network 1.0.0.0
network 13.0.0.0
no auto-summary
!
ip classless
!!
end
**** Router 2 -
Building configuration...
Current configuration : 674 bytes
!
Output Omitted
!
interface FastEthernet0/0
ip address 12.1.1.10 255.0.0.0
duplex auto
speed auto
!
interface Serial1/0
ip address 1.1.1.2 255.0.0.0
!
interface Serial1/1
ip address 2.2.2.1 255.0.0.0
clock rate 128000
!
router rip
version 2
network 1.0.0.0
network 2.0.0.0
network 12.0.0.0
no auto-summary
!
ip classless
!!
end
****Router 3 -
Building configuration...
Current configuration : 748 bytes
!
Output Omitted
!
interface FastEthernet0/0
ip address 11.1.1.10 255.0.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.1.10 255.0.0.0
ip access-group 5 out
duplex auto
speed auto
!
interface Serial1/0
ip address 2.2.2.2 255.0.0.0
!
router rip
version 2
network 2.0.0.0
network 10.0.0.0
network 11.0.0.0
no auto-summary
!
ip classless
!
!
access-list 5 permit 12.0.0.0 0.255.255.255
access-list 5 deny any
!
!!
end
***** Outout from PC1 -
PC1>ping 10.1.1.1
Pinging 10.1.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.1.1.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Hey buddy, i tried my best to explain as simple as possible
& as much as accuracy. Hope this gonna help u to do the work.
Cheers & enjoy the sunday/Funday.... heheheh
| Is This Answer Correct ? | 1 Yes | 0 No |
Hi, Can any one please tell me the experience of their CCNA interview,and please tell me all the questions they asked in the interview. Many Thanks...
Which two of the following are valid ways to have multiple encapsulation types on a single interface? A.) This is not possible B.) subinterfaces C.) additional physical interfaces D.) secondary addresses
Identify the following command to configure a secret password to 'cisco'? A.) Router(config)#enable password cisco secret B.) Router(config)#enable secret cisco C.) Router(config)#enable secret password cisco D.) Router(config)#set secret = cisco
The Physical layer works with which of the following: A.) Segments B.) Datagrams C.) Packets D.) Bits E.) Frames
hi shain/sudeep and rest of all plz answer these question for help some one as soon as possible what is stub area what is transit area let there are three area in ospf a0 a2 and a3 if a2 and a3 is coneted through each other will they comnicate
what is quota management?
Which layer is responsible for putting 1s and 0s into a logical group? A.) Session B.) Application C.) Transport D.) Data Link E.) Physical F.) Network
How many LMI types are available on Cisco routers? A.) Four B.) Two C.) Five D.) Three
What is the juncture at which the CPE ends and the local loop portion of the service begins? A. Demarc B. CO C. Local loop D. Last-mile
Identify the 2 commands the saves the running-config to NVRAM? A.) write memory B.) copy running-config startup-config C.) write network D.) write backup
What is the Network Layer of the OSI responsible for? A.) Bridging B.) Routing packets through an internetwork C.) Regenerating the digital signal D.) Gateway services
what is the difference between dynamic NAT and NAT overload ? and how it works ?
CCNA 
