Master CCNA

How to Master CCNA Ebook

 

 

My book will help you Master CCNA

Master CCNP SWITCH

How to master CCNP SWITCH ebook

 

 

My book will help you Master CCNP SWITCH

Master CCNP ROUTE

How to master CCNP ROUTE Ebook

 

 

My book will help you Master CCNP ROUTE

Print

Standard Access-List

Written by Rene Molenaar on . Posted in Security

Scenario:

This morning you woke up in a cell feeling dizzy and nauseous, it appears you were kidnapped by a mixture of agents from federal agencies. Your task is to finish this security test, if you pass you might end up becoming their next security agent...with blurry eyes you start your task!

Goal:

  • All IP addresses have been configured for you, look at the topology picture for the IP addresses.
  • OSPF has been configured for full connectivity.
  • Make sure you use the most specific wildcard for all your access-lists.
  • You are only allowed to use standard access-lists.
  • Configure your network so traffic from router CIA's L0 interface can't reach any networks on router FBI.
  • Extend the access-list you just created to include router CIA's L1 and L2 interface.
  • Configure your network so traffic from router FBI's L0 and L1 interface are unable to reach any networks on router NSA.

Topology:

Standard Access-List

Video Solution:

You need to a flashplayer enabled browser to view this YouTube video

You need to register to be able to download the GNS3 Topology File. (Registration is Free!)

Related Articles
Only registered users can write comments!

Comments (6)

  • avatar
    wbl
    2011-07-19 00:19:03

    In final config NSA
    access-list 2 deny 2.2.0.0 0.0.254.255

  • avatar
    Qnguyen
    2011-07-28 03:49:46


    Why do you have 0.0.254.255 for your wildcard mask?
    access-list 2 deny 2.2.0.0 0.0.254.255


    I thought for /23, you would use the following?
    255.255.255.255 - 255.255.254.0 = wildmask
    NSA(config)#access-list 5 deny 2.2.2.0 0.0.1.255

  • avatar
    Qnguyen
    2011-07-28 03:52:01

    NSA(config)#access-list 5 deny 2.2.0.0 0.0.1.255

  • avatar
    ReneMolenaar
    2011-07-28 10:36:50

    You are totally right! It should be:

    access-list 2 deny 2.2.0.0 0.0.254.255

    Just did it on top of my head and made a mistake while recording the video (*shame on me*)!

    Rene

  • avatar
    baldwinboy3
    2012-04-19 23:26:55

    I went to do this lab and no configs for IP address or OSPF are on the routers. Can you provide the pre configs so I dont have to do this?

  • avatar
    ReneMolenaar
    2012-04-23 12:53:53

    I just checked the configs, all routers have a startup-config that has IP addresses and OSPF pre-configured.

    Did you check if GNS3 is using the configs or just opening the topology.net file?