BJ4H-8 Class Activities


BJ4H-8 Extended ACLs worksheet

Build the network below in PT, configure the IP addresses, and verify connectivity between the end devices.

Scenario:

PC1 only needs FTP access while PC2 only needs web access. Both computers need to be able to ping the server, but
not each other.

- Configure an extended numbered access list to permit FTP and ICMP from the PC-1 LAN
- Apply the access list on the correct interface

- Configure an extended named access list to permit HTTP and ICMP from the PC-2 LAN
- Apply the access list on the correct interface


Build the network below in PT, configure the IP addresses and routing, and verify connectivity between the end
devices.

Scenario:

Specific devices on the LAN are allowed access to various services on servers located on the internet.

- Configure one named extended access list to implement the following policy:
  - Block HTTP and HTTPS access from PC0 to server0
  - Block FTP access from PC1 to server0
  - Permit all other IP traffic
- Configure a standard access list to permit telnet from PC0 and block telnet from any other device.


1. Which of the following statements is false when a packet is being compared to an access list?

A. It’s always compared with each line of the access list in sequential order.

B. Once the packet matches the condition on a line of the access list, the packet is acted upon and no further comparisons take place.

C. There is an implicit “deny” at the end of each access list.

D. Until all lines have been analyzed, the comparison is not over.

2. You need to create an access list that will prevent hosts in the network range of 192.168.160.0 to 192.168.191.0.
Which of the following lists will you use?

A. access-list 10 deny 192.168.160.0 255.255.224.0

B. access-list 10 deny 192.168.160.0 0.0.191.255

C. access-list 10 deny 192.168.160.0 0.0.31.255

D. access-list 10 deny 192.168.0.0 0.0.31.255

3. You have created a named access list called Blocksales. Which of the following is a valid command for applying this
to packets trying to enter interface Fa0/0 of your router?

A. (config)#ip access-group 110 in

B. (config-if)#ip access-group 110 in

C. (config-if)#ip access-group Blocksales in

D. (config-if)#Blocksales ip access-list in

4. Which access list statement will permit all HTTP sessions to network 192.168.144.0/24 containing web servers?

A. access-list 110 permit tcp 192.168.144.0 0.0.0.255 any eq 80

B. access-list 110 permit tcp any 192.168.144.0 0.0.0.255 eq 80

C. access-list 110 permit tcp 192.168.144.0 0.0.0.255 192.168.144.0 0.0.0.255 any eq 80

D. access-list 110 permit udp any 192.168.144.0 eq 80

5. Which of the following access lists will allow only HTTP traffic into network 196.15.7.0?

A. access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www

B. access-list 10 deny tcp any 196.15.7.0 eq www

C. access-list 100 permit 196.15.7.0 0.0.0.255 eq www

D. access-list 110 permit ip any 196.15.7.0 0.0.0.255

E. access-list 110 permit www 196.15.7.0 0.0.0.255


6. What router command allows you to determine whether an IP access list is enabled on a particular interface?

A. show ip port

B. show access-lists

C. show ip interface

D. show access-lists interface

7. Which of the following is the wildcard (inverse) version of a /27 mask?

A. 0.0.0.7

B. 0.0.0.31

C. 0.0.0.27

D. 0.0.31.255

8. The following access list has been applied to an interface on a router:

access-list 101 deny tcp 199.111.16.32 0.0.0.31 host 199.168.5.60

Which of the following IP addresses will be blocked because of this single rule in the list? (Choose all that apply.)

A. 199.111.16.67

B. 199.111.16.38

C. 199.111.16.65

D. 199.11.16.54


9. Which of the following series of commands will restrict Telnet access to the router?

A. Lab_A(config)#access-list 10 permit 172.16.1.1

Lab_A(config)#line con 0

Lab_A(config-line)#ip access-group 10 in

B. Lab_A(config)#access-list 10 permit 172.16.1.1

Lab_A(config)#line vty 0 4

Lab_A(config-line)#access-class 10 out

C. Lab_A(config)#access-list 10 permit 172.16.1.1

Lab_A(config)#line vty 0 4

Lab_A(config-line)#access-class 10 in

D. Lab_A(config)#access-list 10 permit 172.16.1.1

Lab_A(config)#line vty 0 4

Lab_A(config-line)#ip access-group 10 in

10. Which of the following is true regarding access lists applied to an interface?

A. You can place as many access lists as you want on any interface until you run out of memory.

B. You can apply only one access list on any interface.

C. One access list may be configured, per direction, for each layer 3 protocol configured on an interface.

D. You can apply two access lists to any interface.

11. What are two uses of an access control list? (Choose two.)
A. ACLs assist the router in determining the best path to a destination.
B. Standard ACLs can restrict access to specific applications and ports.
C. ACLs provide a basic level of security for network access.
D. ACLs can permit or deny traffic based upon the MAC address originating on the router.
E. ACLs can control which areas a host can access on a network.


12. Refer to the exhibit. A network administrator is configuring a standard IPv4 ACL. What is the effect after
the command no access-list 10 is entered?

A. ACL 10 is disabled on Fa0/1.
B. ACL 10 is removed from the running configuration.
C. ACL 10 will be disabled and removed after R1 restarts.
D. ACL 10 is removed from both the running configuration and the interface Fa0/1.

13. In applying an ACL to a router interface, which traffic is designated as outbound?

A. traffic that is coming from the source IP address into the router
B. traffic that is leaving the router and going toward the destination host
C. traffic that is going from the destination IP address into the router
D. traffic for which the router can find no routing table entry

14. Which scenario would cause an ACL misconfiguration and deny all traffic?
A. Apply a standard ACL in the inbound direction.
B. Apply a named ACL to a VTY line.
C. Apply an ACL that has all deny ACE statements.
D. Apply a standard ACL using the ip access-group out command.


15. Refer to the exhibit. A network administrator wants to create a standard ACL to prevent network 1
traffic from being transmitted to the Research and Development network. On which router interface and in
which direction should the standard ACL be applied?

A. R1 Gi0/0 inbound
B. R1 Gi0/0 outbound
C. R1 S0/0/0 outbound
D. R2 S0/0/0 inbound
E. R2 Gi0/0 outbound
F. R2 Gi0/0 inbound
