ACL Q - CCNA

Unanswered Question
Jun 29th, 2007

Hello all,

I'm studying for a CCNA and I need some help:

I have a scenario here:

http://i3.photobucket.com/albums/y92/ddzc/ACLQ.jpg

Switch 1 - Student Network = 172.16.62.0/24

Switch 2 - Library Server - 172.16.63.252/24

Switch 3 - Records Server - 172.16.64.254/24

The badly drawn cloud to router 3 is the internet.

Switch 1 to Switch 1 = E0

Router 1 to Router 2 - R1=S0, R2=S1

Router 2 to Router 3 - R2=S0, R3=S1

Router 3 to Internet - S0

Router 3 to Switch 3 = E0

Router 2 to Switch 2 = E0

In the network, an access list was created in order to prevent students and outsiders on the internet from changing student files in the records server, while still allowing other departments in the enterprise access. The access control list was applied to the e0 interface of the router 3 router going outbound.

I was given the answer for the above scenario. The following answer was given to me:

permit 172.16.0.0 0.0.255.255 172.16.64.254 0.0.0.0

deny 172.16.64.254 0.0.0.255 172.16.64.254 0.0.0.0

The issue with this scenario is that no other IPs or networks were given to me. So I thought I had to allow the library server access to the records server and block the student network, and the implicit deny all will block users from the internet.

I thought this was the answer:

permit 172.16.63.252 0.0.0.0 172.16.64.254 0.0.0.0

deny 172.16.62.0 0.0.0.255 172.16.64.254 0.0.0.0

Can anyone explain to me what I'm doing wrong here?

Thanks

danny9797 Fri, 06/29/2007 - 16:34

Hello everyone,

I have another one as well:

http://i3.photobucket.com/albums/y92/ddzc/ACL2.jpg

Router 1 has 4 connections to the following IPs:

192.168.175.0/24

192.168.160.0/24

192.168.191.0/24

192.168.195.0/24

Router 1 - S0

Router 2 - S1

Router 2 - Server - fa0/0

You need to place an access list on the FA0 interface of the Router2 router that will deny access to all hosts that lie within the range 192.168.160.0-192.168.191.0. Hosts in the 192.168.195.0 network should be granted full access.

The answer given to me was:

access-list 1 deny 192.168.0.0 0.0.31.255

I thought this was the correct answer:

access-list 1 deny 192.168.160.0 0.0.31.255

Any idea on what I did wrong here as well?
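
Added example, not part of either post: a small Python model of Cisco wildcard-mask matching and first-match standard ACL evaluation, run over the two `access-list 1` entries quoted in the post above. The sample host addresses and the trailing permit-any entry are constructed for illustration and do not appear on the page.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def covered_range(base, wildcard):
    """Lowest and highest address an entry matches."""
    w = _to_int(wildcard)
    low = _to_int(base) & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | w))

def evaluate(acl, src):
    """Standard ACL: entries are checked top-down, first match wins,
    and anything that matches no entry hits the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"

# The two entries quoted in the post above.
GIVEN = [("deny", "192.168.0.0", "0.0.31.255")]
POSTER = [("deny", "192.168.160.0", "0.0.31.255")]
# Assumption: a trailing permit-any, not shown on the page, so that
# unmatched sources are not dropped by the implicit deny.
PERMIT_ANY = ("permit", "0.0.0.0", "255.255.255.255")
# Constructed sample hosts, one per network listed in the post.
HOSTS = ["192.168.160.10", "192.168.175.10", "192.168.191.10", "192.168.195.10"]

def report(acl):
    """Map each sample host to the action the ACL takes on it."""
    return {h: evaluate(acl, h) for h in HOSTS}

if __name__ == "__main__":
    for name, acl in (("given", GIVEN), ("poster", POSTER)):
        print(name, covered_range(*acl[0][1:]))
        print("  entry alone:     ", report(acl))
        print("  plus permit any: ", report(acl + [PERMIT_ANY]))
```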
