Hello friends, I have answered your questions and doubts many times.
Now I am looking to you for help; please send the
solution before Monday.
The problem is:
I have three routers, r1, r2 and r3.
They are connected in this manner,
that is:
r1---r2---r3---server
          |
          |
        server
Both servers have different IPs.
Now I have to implement an access list on the r3 router in such
a way that users from r1 can access only one server,
while users from r2 can access all the servers.
I have done it, but users of both r1 and r2 can use all the servers.
I need help.
Please help me this time?
I have replaced my firewall with the r3 router,
so basically I have to implement it on my firewall, but you
tell me on a Cisco router. Please help.
Answers were Sorted based on User's Feedback
Answer / shahin
Hi.... You didn't mention any IP addresses, or the interfaces
which are used to connect the routers.
R1(s1/0)------(S1/0)R2(S1/1)-------(S1/0)R3------- server1
 !                  !                     !        10.1.1.1
 !                  !                     !        10.1.1.10
 !                  !                     !
PC1                PC2                 Server2
13.1.1.1           12.1.1.1            11.1.1.1
13.1.1.10          12.1.1.10           11.1.1.10
Note: The first one is the IP address and the second is the default gateway.
R1
s1/0 - 1.1.1.1
R2
s1/0 - 1.1.1.2
s1/1 - 2.2.2.1
R3
s1/0 - 2.2.2.2
I configured RIPv2 on all routers and it's working fine. Now I
can access each and every user and server from anywhere in the
network.
The point is that you want to configure an ACL so that it will meet
your requirements.
As you mentioned, "implement access list on the r3 router in such
a way that user from r1 can access only one server"... OK, I
am going to block users from R1 from accessing "server1".
Create Standard ACL -
R3#conf t
R3(config)#access-list 5 permit 12.0.0.0 0.255.255.255
R3(config)#access-list 5 deny any
Apply ACL -
R3(config)#interface fastEthernet 0/1
R3(config-if)#ip access-group 5 out
Router(config-if)#^Z
See the sh output -
Router#sh access-lists
Standard IP access list 5
    permit 12.0.0.0 0.255.255.255 (4 match(es))
    deny any (3 match(es))
Hey buddy.... I configured the same scenario in Packet
Tracer. Here I am pasting the sh running-config of the routers -
***** Router 1 -
Current configuration : 652 bytes
!
output omitted
!
interface FastEthernet0/0
 ip address 13.1.1.10 255.0.0.0
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 1.1.1.1 255.0.0.0
 clock rate 128000
!
router rip
 version 2
 network 1.0.0.0
 network 13.0.0.0
 no auto-summary
!
ip classless
!!
end
***** Router 2 -
Building configuration...
Current configuration : 674 bytes
!
Output Omitted
!
interface FastEthernet0/0
 ip address 12.1.1.10 255.0.0.0
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 1.1.1.2 255.0.0.0
!
interface Serial1/1
 ip address 2.2.2.1 255.0.0.0
 clock rate 128000
!
router rip
 version 2
 network 1.0.0.0
 network 2.0.0.0
 network 12.0.0.0
 no auto-summary
!
ip classless
!!
end
***** Router 3 -
Building configuration...
Current configuration : 748 bytes
!
Output Omitted
!
interface FastEthernet0/0
 ip address 11.1.1.10 255.0.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.1.1.10 255.0.0.0
 ip access-group 5 out
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 2.2.2.2 255.0.0.0
!
router rip
 version 2
 network 2.0.0.0
 network 10.0.0.0
 network 11.0.0.0
 no auto-summary
!
ip classless
!
!
access-list 5 permit 12.0.0.0 0.255.255.255
access-list 5 deny any
!
!!
end
***** Output from PC1 -
PC1>ping 10.1.1.1
Pinging 10.1.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.1.1.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Hey buddy, I tried my best to explain as simply and as accurately
as possible. Hope this is going to help you do the work.
Cheers & enjoy the Sunday/Funday.... heheheh
Is This Answer Correct ? | 1 Yes | 0 No |
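An added example, not part of the answer above or of any Cisco tool: a small Python model of how R3 evaluates standard ACL 5 (wildcard-mask match, first match wins, implicit deny) on the egress interface, using the addresses from the posted configuration. The function names and the R3_EGRESS table are assumptions made for this sketch, and it models only transit packets toward R3's connected networks.

```python
import ipaddress

# ACL 5 exactly as posted in the answer: (action, source, wildcard mask).
ACL_5 = [
    ("permit", "12.0.0.0", "0.255.255.255"),
    ("deny", "0.0.0.0", "255.255.255.255"),  # "deny any"
]

# R3 egress interfaces from the posted config: connected network, outbound ACL.
R3_EGRESS = {
    "FastEthernet0/0": ("11.0.0.0/8", None),   # Server2 side, no ACL applied
    "FastEthernet0/1": ("10.0.0.0/8", ACL_5),  # server1 side, ip access-group 5 out
}

def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: a 0 bit must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def standard_acl(acl, src):
    """A standard ACL tests the source address only; first match wins."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"  # implicit deny that ends every ACL

def r3_forward(src, dst):
    """Decision R3 makes for a transit packet, chosen by its egress interface."""
    for ifname, (net, acl) in R3_EGRESS.items():
        if ipaddress.ip_address(dst) in ipaddress.ip_network(net):
            return "permit" if acl is None else standard_acl(acl, src)
    return "no-route"

if __name__ == "__main__":
    # Flows built from the hosts in the answer's diagram.
    flows = [
        ("PC1", "13.1.1.1", "10.1.1.1"), ("PC1", "13.1.1.1", "11.1.1.1"),
        ("PC2", "12.1.1.1", "10.1.1.1"), ("PC2", "12.1.1.1", "11.1.1.1"),
        ("Server2", "11.1.1.1", "10.1.1.1"),
    ]
    for name, src, dst in flows:
        print(f"{name} {src} -> {dst}: {r3_forward(src, dst)}")
```

Because ACL 5 permits only 12.0.0.0/8 and ends in deny any, every other source leaving FastEthernet0/1 is dropped as well, including Server2's 11.0.0.0 network.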