Need help with an access list.

Unanswered Question
May 31st, 2007

We got a lab in class last night. Our teacher wasn't there so we were completely on our own. I got 2 out of the 3, but this one I'm completely stumped. Am I supposed to make a named access list? We can't make a VLAN on the switch either, it all has to be in the routers.

http://i160.photobucket.com/albums/t192/abrrymnvette/AndyB.jpg

bvsnarayana03 Thu, 05/31/2007 - 23:08

Use subnetting to break the major network into small chunks. Assign an IP from each subnet to the hosts. Now you can apply a standard ACL with permit/deny for each host IP.

guruprasadr Thu, 05/31/2007 - 23:37

Hi abrrymnvette, [Please rate if this helps]

Break the major class B subnet into small chunks (even smaller than shown in this example). I have divided it just as an example.

172.16.0.1 - 172.16.0.255 - WebServer

172.16.1.1 - 172.16.1.255 - Network A

172.16.2.1 - 172.16.2.255 - Network B

172.16.3.1 - 172.16.3.255 - RouterA - RouterB

ACLs:

Router B:

access-list 110 permit tcp host 172.16.0.1 eq www 172.16.1.0 0.0.0.255

Router A:

access-list 120 permit tcp host 172.16.1.1 eq telnet 172.16.3.0 0.0.0.255

access-list 130 deny icmp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255

Please re-check the same and go ahead with your lab.

Please rate if this helps.

Best Regards,

Guru Prasad R

abrrymnvette Fri, 06/01/2007 - 05:13

Thanks for the responses guys. What I don't understand is how you keep the PC on network B from accessing the Web Server A that's also on network B. It doesn't need to go through the router to get to it, so how's an ACL going to stop it?

abrrymnvette Fri, 06/01/2007 - 05:15

Never mind, I see it now. I wasn't seeing the part about breaking it down even further and making each node its own network on the network segment. Thanks a ton guys. I don't know why I didn't see to do that. Greatly appreciated!!!!!!
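
The following is an added example, not code from any poster in the thread. It models the point reached above: a router ACL only sees traffic that crosses subnets, and entries are evaluated with Cisco wildcard-mask matching, first match wins, implicit deny at the end. The host addresses, the sample rules and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample rules over the thread's 172.16.x.0 addressing plan.
# Fields: (action, protocol, (src, wildcard), (dst, wildcard), dest port or None)
SAMPLE_ACL = [
    ("deny", "icmp", ("172.16.1.0", "0.0.0.255"), ("172.16.2.0", "0.0.0.255"), None),
    ("permit", "tcp", ("172.16.1.0", "0.0.0.255"), ("172.16.0.1", "0.0.0.0"), 80),
]

def routed(src, dst, prefixlen):
    """True when dst is outside src's subnet, so the packet must cross a router."""
    subnet = ipaddress.ip_interface(f"{src}/{prefixlen}").network
    return ipaddress.ip_address(dst) not in subnet

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, rule_proto, (sbase, swild), (dbase, dwild), port in acl:
        if rule_proto not in ("ip", proto):
            continue
        if not (wildcard_match(src, sbase, swild) and wildcard_match(dst, dbase, dwild)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"  # every ACL ends with an implicit "deny any"

def verdict(acl, proto, src, dst, prefixlen, dport=None):
    """Same-subnet traffic is switched locally and never reaches the router ACL."""
    if not routed(src, dst, prefixlen):
        return "bypasses-acl"
    return evaluate(acl, proto, src, dst, dport)

if __name__ == "__main__":
    # Two hosts in one /24: the router never sees the packet.
    print(verdict(SAMPLE_ACL, "icmp", "172.16.2.10", "172.16.2.20", 24))
    # Same two hosts after subnetting down to /30: now the ACL applies.
    print(verdict(SAMPLE_ACL, "icmp", "172.16.2.10", "172.16.2.20", 30))
```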
