simulation - finding IP address of remote host

Unanswered Question
Nov 2nd, 2007

I took the CCNA on thurs and I had trouble with both of the simulations I ran into. I was asked to create an ACL on a router to allow access from 1 pc to a remote intranet server & deny others, then allowing to public web server, but I could not figure out how to find the IP address of the remote server(s) since the console was only available on 1 router.

Any ideas on finding out the ip addresses or ohter devices on remote networks. I must be missing something but both sims I had needed this info, it wasn't provided, and I took too much time trying to figure it out. Help appreciated I retake next week.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kirramas Fri, 11/02/2007 - 14:36

You may want to mention what kind of server was that. You have not provided that information in here.

Your ACL would then probably deny access to that one server based on the port (telnet server, ftp server, etc..) and allow access to webserver (port 80). And you would then apply this ACL on the interface connected to the host so that the traffic from the host is blocked at the router and would not get propagated into the entire internetwork.

cruiserrg Fri, 11/02/2007 - 15:54

Yes, I should elaborate. I asked to allow traffic to a intranet wed server for 1 of the multiple clients, then deny for the rest of the clients to the intranet web server, then permit all to the rest of the remote network. Trouble was one of the other servers was a public web server. I couldn't use a acl with just port 80 since there was 2 web servers and needed to know it's ip. That is unless you can specify a server by host name in an access-list line.

alanc3141592654 Fri, 11/02/2007 - 15:59

were you able to telnet from the router with the console connection?

how about show cdp neighbor detail?

A

cruiserrg Fri, 11/02/2007 - 17:12

I suppose I could have telneted to the remote router or switch and do a show cdp neighbor command, but wouldn't that only show cisco devices like routers and switches and not servers attached to the remote switch?

miller811 Sat, 11/03/2007 - 05:36

Are you sure you scrolled down and read all the possible information supplied?

Check the topology etc?

I took the exam on Monday and encountered a similar situation on a different type of question and was thrown into a panic. I did not think I had the information needed to answer the questions. I attempted to telnet, access the pc and run ipconfig, etc. I turned out that the information was there I just needed to scroll down and read it.

jslimick83 Sat, 11/03/2007 - 14:28

I took the test as well this week. The information was provided if you scrolled down. The simulation question I had problems with is how to determine the VTP server when you only have access to the VTP client switch. Does anyone know how to get this information from a show command?

learnerkang Sun, 11/04/2007 - 03:12

So how to get this info from show command. Is there anybody here who knows?

xs_echoss Sun, 11/04/2007 - 06:11

Most information you need you can get from 'show vtp status', or 'show cdp neighbor detail'.

learnerkang Sun, 11/04/2007 - 06:22

I tried "show vtp status" on my lab but it only give you status for the switch I connect to; For example, the current switch is VTP client, how did you know which switch is VTP server if I didn't have access to other switches.

xs_echoss Sun, 11/04/2007 - 06:29

you do not have to know how many vtp server there are, and which one is. in 'show vtp status', you will see the last update coming from an address(either IP or MAC, i could not remember now). That address must be a vtp server address. Then you can using cdp command to find the host name.

bpdons123 Sun, 11/04/2007 - 01:46

I had this question also this week and too couldn't find the exact IP address of the web server. I just applied the range of addresses in that server subnet to my ACL's.

When testing from the hosts, I used the starting ip address from the range and only 1 host had www access accepted, while another the others were denied www access.

That was good enough for me to continue

xs_echoss Sun, 11/04/2007 - 06:32

Be sure you scroll down to read all the information given for the questions, mostly they give all the info. you need, though i admit there is mistake in the exam.

kirramas Sun, 11/04/2007 - 06:41

I had earlier posted a response to this question. However, I have another solution after seeing many innovative approaches to this query.

Upon reading the question many times, I have this thought that the exam is actually looking for you to put an ACL on the nearest router to the source PC based on PC's address.

This way, you can filter access to the remote intranet server (if the network address of that server is known atleast, if not the actual ip address of the server) and allow access to webserver (based on port 80 or eq www) while the implicit deny will filter the rest.

However, if you cam provide this consortium with a rough sketch of the network diagram, a permanent solution can be found at the earliest.

learnerkang Sun, 11/04/2007 - 06:49

By the way, does SIMs on the exam accept the name for protocols such as www or rip for ACL?

cruiserrg Mon, 11/05/2007 - 05:32

From the responses, i may have missed some of the information, but that is hard to tell.

As far as a rough sketch, there were 2 routers connected together and a switch connected to each. One switch had PCs, the other 3 servers, an intra net web server, a public web server, and a 3rd server.

The console was attached to the router nearest the pcs. I was given the PCs IPs, but did not see the servers, IP. Was asked to create an access-list to allow a single pc access to the intranet server, deny traffic from all other pcs to the intranet server, and allow all other traffic.

I could have solved it if I had know the IPs of the servers, or if there was only 1 webserver.

soon_writeme@ho... Mon, 11/05/2007 - 17:47

I also got ACL question in CCNA exams, most of things were mentioned, may be not straight as you want, but if you read whole question, scroll down, and use show running-config command, you will get most of things which you want.

Actions

This Discussion