The document contains questions and answers about configuring and applying access control lists (ACLs) on routers. Some key points:
- ACL entries are assigned sequence numbers, with new entries added at the end by default.
- Inbound ACLs are more efficient than outbound ACLs as they can deny packets before routing lookups.
- ACLs can be used to filter traffic, specify NAT source addresses, and identify traffic for QoS among other uses.
- Standard ACLs filter based on source address only while extended ACLs can filter on additional fields and factors.
The document contains questions about network access control lists (ACLs). Some key points:
- ACLs can be used to filter traffic by source/destination IP addresses, protocols, ports and more. Standard ACLs filter based on source IP, extended ACLs add destination IP and other criteria.
- The position and direction an ACL is applied impacts what traffic it filters. Inbound ACLs filter traffic as it enters an interface while outbound ACLs filter traffic exiting an interface.
- ACL rules are processed sequentially, with the first match determining if a packet is permitted or denied. Administrators must carefully craft rule orders and contents to implement desired security policies.
4.1.1.10 packet tracer configuring extended ac ls scenario 1mps125
This document describes configuring and testing extended access control lists (ACLs) on a router to filter traffic between two PCs and a server. It outlines configuring a numbered ACL to permit FTP and ICMP from PC1 to the server, and a named ACL to permit HTTP and ICMP from PC2 to the server. The ACLs are applied to router interfaces and testing verifies only allowed traffic succeeds while denied traffic fails.
The document describes steps to configure a network including: designing an IP addressing scheme; configuring DHCP, WAN technologies, EIGRP routing, and NAT; and implementing ACLs for security. Key steps include subnetting the 172.16.1.128/25 network and assigning addresses, configuring R3 as a DHCP server, enabling routing with EIGRP, using NAT on R2 for Internet access, and applying ACLs to restrict access between networks.
Network topology is the topological structure of a system and might be portrayed physically or sensibly. It is an utilization of chart hypothesis wherein conveying gadgets are demonstrated as hubs and the associations between the gadgets are displayed as connections or lines between the hubs.
ACL (Access Control List) is a layer 3 security feature that controls traffic flow between routers by matching packets based on various criteria like source/destination IP addresses, protocols, and port numbers. There are standard, extended, and named ACLs that provide different matching capabilities. ACLs are configured on router interfaces using access lists and access groups to filter inbound or outbound traffic.
The document discusses access control lists (ACLs), including:
1) ACLs are used for packet filtering and can allow or deny traffic based on source/destination IP addresses and TCP/UDP ports.
2) Standard ACLs filter based on source IP address, extended ACLs add destination IP address and ports.
3) ACLs are configured with numbers or names and applied to interfaces to filter incoming or outgoing traffic.
The document discusses access control lists (ACLs), explaining that ACLs allow routers to filter network traffic by creating lists of conditions to categorize packets and then applying those lists to interfaces. It covers the basics of creating standard ACLs with permit and deny statements for source IP addresses and applying the ACLs to interfaces to filter incoming and outgoing traffic.
Configure Cisco Routers for Syslog, NTP, and SSH Operations Kelson Silva
This document provides instructions to configure OSPF MD5 authentication, NTP, syslog logging, and SSH on routers to improve network security. Key steps include configuring OSPF MD5 authentication between routers, configuring routers as NTP clients to synchronize time with authentication, configuring routers to log messages to a syslog server, and configuring one router to accept only SSH connections and generate an RSA key pair for encryption.
The document contains questions about network access control lists (ACLs). Some key points:
- ACLs can be used to filter traffic by source/destination IP addresses, protocols, ports and more. Standard ACLs filter based on source IP, extended ACLs add destination IP and other criteria.
- The position and direction an ACL is applied impacts what traffic it filters. Inbound ACLs filter traffic as it enters an interface while outbound ACLs filter traffic exiting an interface.
- ACL rules are processed sequentially, with the first match determining if a packet is permitted or denied. Administrators must carefully craft rule orders and contents to implement desired security policies.
4.1.1.10 packet tracer configuring extended ac ls scenario 1mps125
This document describes configuring and testing extended access control lists (ACLs) on a router to filter traffic between two PCs and a server. It outlines configuring a numbered ACL to permit FTP and ICMP from PC1 to the server, and a named ACL to permit HTTP and ICMP from PC2 to the server. The ACLs are applied to router interfaces and testing verifies only allowed traffic succeeds while denied traffic fails.
The document describes steps to configure a network including: designing an IP addressing scheme; configuring DHCP, WAN technologies, EIGRP routing, and NAT; and implementing ACLs for security. Key steps include subnetting the 172.16.1.128/25 network and assigning addresses, configuring R3 as a DHCP server, enabling routing with EIGRP, using NAT on R2 for Internet access, and applying ACLs to restrict access between networks.
Network topology is the topological structure of a system and might be portrayed physically or sensibly. It is an utilization of chart hypothesis wherein conveying gadgets are demonstrated as hubs and the associations between the gadgets are displayed as connections or lines between the hubs.
ACL (Access Control List) is a layer 3 security feature that controls traffic flow between routers by matching packets based on various criteria like source/destination IP addresses, protocols, and port numbers. There are standard, extended, and named ACLs that provide different matching capabilities. ACLs are configured on router interfaces using access lists and access groups to filter inbound or outbound traffic.
The document discusses access control lists (ACLs), including:
1) ACLs are used for packet filtering and can allow or deny traffic based on source/destination IP addresses and TCP/UDP ports.
2) Standard ACLs filter based on source IP address, extended ACLs add destination IP address and ports.
3) ACLs are configured with numbers or names and applied to interfaces to filter incoming or outgoing traffic.
The document discusses access control lists (ACLs), explaining that ACLs allow routers to filter network traffic by creating lists of conditions to categorize packets and then applying those lists to interfaces. It covers the basics of creating standard ACLs with permit and deny statements for source IP addresses and applying the ACLs to interfaces to filter incoming and outgoing traffic.
Configure Cisco Routers for Syslog, NTP, and SSH Operations Kelson Silva
This document provides instructions to configure OSPF MD5 authentication, NTP, syslog logging, and SSH on routers to improve network security. Key steps include configuring OSPF MD5 authentication between routers, configuring routers as NTP clients to synchronize time with authentication, configuring routers to log messages to a syslog server, and configuring one router to accept only SSH connections and generate an RSA key pair for encryption.
Deploy Failover/High Availability in ASA FirewallKHNOG
This document provides an overview of high availability network design using failover. It discusses failover concepts and terminology, deployment, configuration, and behaviors. The key aspects covered include active/standby configuration and operation, failover requirements, and trigger conditions for failover.
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructorSalem Trabelsi
The document describes a network topology and provides instructions to configure IP access control lists (ACLs) on routers to secure access and mitigate attacks. The objectives are to verify basic connectivity, configure ACLs to allow only remote access from PC-C to the routers, create ACLs on R1 to permit/deny specific services to external hosts, modify an ACL on R1 to allow ping, and create ACLs on R3 to block private addresses and deny outbound traffic with spoofed source addresses.
An IPSec VPN is configured between routers R1 and R2 using RSA signatures for authentication. NTP and a CA server are also configured to synchronize time and authenticate certificates between the routers. IKEv2 is then used to configure an IPSec VPN between routers R1 and R3 using pre-shared keys for authentication.
This document contains questions and answers related to CCNA 1 Chapter 11 exam. It provides the questions asked in the exam and lists possible multiple choice answers for each question. The document also includes router configuration examples and partial router outputs related to some of the troubleshooting questions.
This chapter discusses network security concepts like types of attacks, mitigation techniques, and access control lists. Standard access lists filter based on source IP addresses while extended lists can filter on additional attributes like destination IP, protocol, and port numbers. Access lists are applied to router interfaces to permit or deny traffic and are evaluated sequentially from top to bottom. They help control access to router VTY lines and filter inbound or outbound traffic.
The document describes a network configuration activity with the following objectives:
1. Create a redundant trunk link between two switches and configure VLAN trunking and security.
2. Implement a management VLAN and connect a management PC for secure access to network devices.
3. Use an ACL on the router interface to allow the management PC access while preventing other devices from accessing the management VLAN.
This document contains the configurations of three switches - ALS1, DLS1, and DLS2. ALS1 connects to DLS1 and DLS2 via port channels. DLS1 and DLS2 each have VLANs configured for different departments and services. They are also configured with HSRP for default gateways and EIGRP for routing. Interfaces are configured for trunking between the switches and access ports for end devices. Basic device settings like SSH, logging, SNMP are also configured.
Basic ip traffic management with access control listsSourabh Badve
The document discusses basic concepts of access control lists (ACLs) including the types of ACLs, how they are configured and used, and how traffic is processed when ACLs are applied. It provides details on standard and extended ACLs, how they can be used to filter traffic by source/destination IP addresses, protocols, ports and ICMP message types. The document also covers best practices for verifying, monitoring and placing ACLs on network interfaces.
Tri aoi training-supplementary_2011.01Ralph Nguyen
This document provides information on installing and configuring TRI-AOI inspection equipment, including:
- Installation modes for different production environments such as inline, offline, and standalone
- Network configuration details for connecting multiple AOI and SPI devices across 9 lines
- Specifications for main machines, main PCs, repair PCs, and SPC computers including model numbers, serial numbers, IP addresses, and other network settings
This document describes how to configure a zone-based policy firewall (ZPF) on router R3 to allow internal hosts to access external resources while blocking external hosts from accessing internal resources. It involves verifying basic network connectivity, creating firewall zones, defining traffic classes and access lists, specifying firewall policies, applying policies to zone pairs, and testing functionality from the internal and external zones.
In transparent mode, a switch can create VLANs, ignore VTP messages, and not pass local VLAN information to other VTP domain members. Extended ACLs can filter traffic based on source and destination address, protocol, and specific port number. LCP manages compression and tests link quality in a PPP connection between routers. Adding a route will forward packets for the specified subnet range out a particular interface.
The document outlines steps to configure Layer 2 security on a network. It includes assigning the central switch as the root bridge, securing spanning tree parameters, enabling storm control, and enabling port security. The objectives are to prevent spanning tree attacks, broadcast storms, and MAC address table overflow attacks. The steps describe configuring root bridge priority, PortFast, BPDU guard, root guard, storm control levels, port security limits, and disabling unused ports on switches to achieve the security goals.
This document contains configurations for Cisco routers, including:
1. Interface configurations for E1 and serial interfaces with descriptions and multilink PPP settings.
2. Site-to-site VPN and Easy VPN configurations using IPSec.
3. Control plane policies to limit traffic like Telnet, SNMP, and ICMP.
4. Other settings like IP aliases, QoS, time ranges, route maps, NTP, TACACS, RADIUS, DHCP, and ISDN.
This document describes the configuration of a network topology with VLANs, trunking, routing, and NAT. The key tasks are:
1. Configure switches and routing with VLANs, VTP, EIGRP, and trunking to separate traffic from different client groups.
2. Perform PAT on routers R1 and R2 to allow clients to access the internet.
3. Configure a web server for clients to access via its IP address or domain name.
The document describes the basic BGP configuration of routers R1, R2, and ISPs Airtel, Reliance, and Vodafone. It defines the interfaces of each router and ISP with IP addresses. It also outlines the BGP configuration of each entity with AS numbers, neighbor definitions, and network advertisements. Troubleshooting commands like show ip route, show ip bgp summary, and show ip bgp neighbor are listed.
An access control list (ACL) is a sequential list of permit or deny statements that apply to network traffic and are used to control what traffic is allowed or denied on a network interface. ACLs can filter traffic based on source/destination IP addresses, protocols, and port numbers. Standard ACLs filter only on source IP addresses while extended ACLs can filter on additional parameters. ACLs are applied to interfaces using the ip access-group command to implement the access control on inbound or outbound traffic on that interface.
The document provides instructions for configuring the Cisco ATA 186 analog telephone adapter through three methods: the interactive voice response system, a web server, or a TFTP server. It describes connecting an analog phone to the adapter, accessing the IVR to configure basic IP settings like the IP address, subnet mask and default gateway. It also covers troubleshooting connectivity issues that can arise from VLAN configuration and accessing the web interface to complete additional configurations. The document includes prerequisites, components used, and conventions along with sections on initial setup, configuration options, and related information.
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...Salem Trabelsi
This document provides instructions for configuring NTP, syslog, and SSH services on three routers. It describes configuring the routers as NTP clients to synchronize time with an NTP server, configure logging to a syslog server, and configure SSH on one router to allow secure remote access. The objectives are to configure NTP, syslog, SSH users, RSA key pairs, and verify connectivity over SSH from PCs and other routers.
- Access control lists (ACLs) allow or deny network traffic passing through a router based on source and destination IP addresses, protocols, and port numbers.
- There are two main types of ACLs: standard ACLs which filter based on source IP addresses, and extended ACLs which filter on source/destination IP addresses, protocols, and port numbers.
- ACLs can be numbered or named, with named ACLs allowing selective editing of statements not possible with numbered ACLs.
Cisco discovery d homesb module 6 - v.4 in english.igede tirtanata
The document contains questions and answers about networking concepts like the TCP/IP model, IP addressing, protocols, and the OSI model. Specifically:
- www.cisco.com represents the domain name of a web server, not an IP address, router interface, or other network details.
- An email server would use IMAP to allow email clients to access email messages stored on the server.
- In a corporate environment, a DHCP server would most likely be used first by network clients to obtain an IP address.
- The layers of the TCP/IP model are application, transport, internet, and network access.
- The OSI reference model layers are physical, data link, network, transport
Cisco discovery d homesb module 4 - v.4 in english.igede tirtanata
The document is a multiple choice quiz about networking and internet concepts. It contains questions about definitions of internet and point of presence, characteristics of internet service providers' backbones and business services, requirements to connect to the internet, networking devices like routers and switches, and cabling types and standards. The questions cover topics like the definition of internet, functions of networking devices, characteristics of different internet connections and services, and cable types and their applications.
Deploy Failover/High Availability in ASA FirewallKHNOG
This document provides an overview of high availability network design using failover. It discusses failover concepts and terminology, deployment, configuration, and behaviors. The key aspects covered include active/standby configuration and operation, failover requirements, and trigger conditions for failover.
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructorSalem Trabelsi
The document describes a network topology and provides instructions to configure IP access control lists (ACLs) on routers to secure access and mitigate attacks. The objectives are to verify basic connectivity, configure ACLs to allow only remote access from PC-C to the routers, create ACLs on R1 to permit/deny specific services to external hosts, modify an ACL on R1 to allow ping, and create ACLs on R3 to block private addresses and deny outbound traffic with spoofed source addresses.
An IPSec VPN is configured between routers R1 and R2 using RSA signatures for authentication. NTP and a CA server are also configured to synchronize time and authenticate certificates between the routers. IKEv2 is then used to configure an IPSec VPN between routers R1 and R3 using pre-shared keys for authentication.
This document contains questions and answers related to CCNA 1 Chapter 11 exam. It provides the questions asked in the exam and lists possible multiple choice answers for each question. The document also includes router configuration examples and partial router outputs related to some of the troubleshooting questions.
This chapter discusses network security concepts like types of attacks, mitigation techniques, and access control lists. Standard access lists filter based on source IP addresses while extended lists can filter on additional attributes like destination IP, protocol, and port numbers. Access lists are applied to router interfaces to permit or deny traffic and are evaluated sequentially from top to bottom. They help control access to router VTY lines and filter inbound or outbound traffic.
The document describes a network configuration activity with the following objectives:
1. Create a redundant trunk link between two switches and configure VLAN trunking and security.
2. Implement a management VLAN and connect a management PC for secure access to network devices.
3. Use an ACL on the router interface to allow the management PC access while preventing other devices from accessing the management VLAN.
This document contains the configurations of three switches - ALS1, DLS1, and DLS2. ALS1 connects to DLS1 and DLS2 via port channels. DLS1 and DLS2 each have VLANs configured for different departments and services. They are also configured with HSRP for default gateways and EIGRP for routing. Interfaces are configured for trunking between the switches and access ports for end devices. Basic device settings like SSH, logging, SNMP are also configured.
Basic ip traffic management with access control listsSourabh Badve
The document discusses basic concepts of access control lists (ACLs) including the types of ACLs, how they are configured and used, and how traffic is processed when ACLs are applied. It provides details on standard and extended ACLs, how they can be used to filter traffic by source/destination IP addresses, protocols, ports and ICMP message types. The document also covers best practices for verifying, monitoring and placing ACLs on network interfaces.
Tri aoi training-supplementary_2011.01Ralph Nguyen
This document provides information on installing and configuring TRI-AOI inspection equipment, including:
- Installation modes for different production environments such as inline, offline, and standalone
- Network configuration details for connecting multiple AOI and SPI devices across 9 lines
- Specifications for main machines, main PCs, repair PCs, and SPC computers including model numbers, serial numbers, IP addresses, and other network settings
This document describes how to configure a zone-based policy firewall (ZPF) on router R3 to allow internal hosts to access external resources while blocking external hosts from accessing internal resources. It involves verifying basic network connectivity, creating firewall zones, defining traffic classes and access lists, specifying firewall policies, applying policies to zone pairs, and testing functionality from the internal and external zones.
In transparent mode, a switch can create VLANs, ignore VTP messages, and not pass local VLAN information to other VTP domain members. Extended ACLs can filter traffic based on source and destination address, protocol, and specific port number. LCP manages compression and tests link quality in a PPP connection between routers. Adding a route will forward packets for the specified subnet range out a particular interface.
The document outlines steps to configure Layer 2 security on a network. It includes assigning the central switch as the root bridge, securing spanning tree parameters, enabling storm control, and enabling port security. The objectives are to prevent spanning tree attacks, broadcast storms, and MAC address table overflow attacks. The steps describe configuring root bridge priority, PortFast, BPDU guard, root guard, storm control levels, port security limits, and disabling unused ports on switches to achieve the security goals.
This document contains configurations for Cisco routers, including:
1. Interface configurations for E1 and serial interfaces with descriptions and multilink PPP settings.
2. Site-to-site VPN and Easy VPN configurations using IPSec.
3. Control plane policies to limit traffic like Telnet, SNMP, and ICMP.
4. Other settings like IP aliases, QoS, time ranges, route maps, NTP, TACACS, RADIUS, DHCP, and ISDN.
This document describes the configuration of a network topology with VLANs, trunking, routing, and NAT. The key tasks are:
1. Configure switches and routing with VLANs, VTP, EIGRP, and trunking to separate traffic from different client groups.
2. Perform PAT on routers R1 and R2 to allow clients to access the internet.
3. Configure a web server for clients to access via its IP address or domain name.
The document describes the basic BGP configuration of routers R1, R2, and ISPs Airtel, Reliance, and Vodafone. It defines the interfaces of each router and ISP with IP addresses. It also outlines the BGP configuration of each entity with AS numbers, neighbor definitions, and network advertisements. Troubleshooting commands like show ip route, show ip bgp summary, and show ip bgp neighbor are listed.
An access control list (ACL) is a sequential list of permit or deny statements that apply to network traffic and are used to control what traffic is allowed or denied on a network interface. ACLs can filter traffic based on source/destination IP addresses, protocols, and port numbers. Standard ACLs filter only on source IP addresses while extended ACLs can filter on additional parameters. ACLs are applied to interfaces using the ip access-group command to implement the access control on inbound or outbound traffic on that interface.
The document provides instructions for configuring the Cisco ATA 186 analog telephone adapter through three methods: the interactive voice response system, a web server, or a TFTP server. It describes connecting an analog phone to the adapter, accessing the IVR to configure basic IP settings like the IP address, subnet mask and default gateway. It also covers troubleshooting connectivity issues that can arise from VLAN configuration and accessing the web interface to complete additional configurations. The document includes prerequisites, components used, and conventions along with sections on initial setup, configuration options, and related information.
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...Salem Trabelsi
This document provides instructions for configuring NTP, syslog, and SSH services on three routers. It describes configuring the routers as NTP clients to synchronize time with an NTP server, configure logging to a syslog server, and configure SSH on one router to allow secure remote access. The objectives are to configure NTP, syslog, SSH users, RSA key pairs, and verify connectivity over SSH from PCs and other routers.
- Access control lists (ACLs) allow or deny network traffic passing through a router based on source and destination IP addresses, protocols, and port numbers.
- There are two main types of ACLs: standard ACLs which filter based on source IP addresses, and extended ACLs which filter on source/destination IP addresses, protocols, and port numbers.
- ACLs can be numbered or named, with named ACLs allowing selective editing of statements not possible with numbered ACLs.
Cisco discovery d homesb module 6 - v.4 in english.igede tirtanata
The document contains questions and answers about networking concepts like the TCP/IP model, IP addressing, protocols, and the OSI model. Specifically:
- www.cisco.com represents the domain name of a web server, not an IP address, router interface, or other network details.
- An email server would use IMAP to allow email clients to access email messages stored on the server.
- In a corporate environment, a DHCP server would most likely be used first by network clients to obtain an IP address.
- The layers of the TCP/IP model are application, transport, internet, and network access.
- The OSI reference model layers are physical, data link, network, transport
Cisco discovery d homesb module 4 - v.4 in english.igede tirtanata
The document is a multiple choice quiz about networking and internet concepts. It contains questions about definitions of internet and point of presence, characteristics of internet service providers' backbones and business services, requirements to connect to the internet, networking devices like routers and switches, and cabling types and standards. The questions cover topics like the definition of internet, functions of networking devices, characteristics of different internet connections and services, and cable types and their applications.
Cisco discovery drs ent module 3 - v.4 in english.igede tirtanata
The document contains questions and answers about networking concepts like VLANs, trunking, VTP, and STP.
Some key points:
- A router can connect VLANs on a switch using a trunk port and subinterfaces for each VLAN.
- VTP is used to maintain VLAN configuration consistency across switches in the same management domain and mode.
- STP elects a root bridge and puts switch ports into blocking, listening, learning, or forwarding states to prevent loops.
Cisco discovery drs ent module 5 - v.4 in english.igede tirtanata
The document is a set of 20 multiple choice questions about networking concepts like VLSM, NAT, CIDR, and subnetting. Some of the questions ask about the maximum number of subnets that can be created from a specific subnet, the purpose of address overloading in NAT, the advantages of CIDR, how a router implements NAT overload, and characteristics of classful routing protocols. Other questions provide exhibits with network diagrams and ask about global vs local NAT addresses, valid subnet masks, summarized network ranges, and valid subnet addresses.
IBM announced the new i890 32-way server featuring the POWER4 processor. The i890 provides up to 37,400 CPW and 1.85 times the performance of the i840 server. IBM also announced OS/400 V5R2 which focuses on simplifying enterprise IT management. The i890 and OS/400 V5R2 provide improved flexibility and growth options for adding new workloads.
The document describes an e-wallet application that allows users to make payments using Near Field Communication (NFC) technology on Android smartphones. It discusses how the application works, including user registration and login, adding payment balances by activating vouchers, and making expenditures by scanning NFC tags on smart posters. The application transfers user and transaction data between the smartphone app and a web server for validation. The document also evaluates the application's performance and network usage, finding that data reception uses more bandwidth than transmission and that internet connectivity was the main constraint reported by users. It concludes by recommending a focus on security and expanding platform support for broader use.
This document provides an overview and summary of a training course on Agenda, GSM & MPA. The course agenda covers definitions and history of GSM, GSM services, system architecture including components like the HLR, VLR, BTS, BSC and MSC. It also discusses the GSM functional model including call management, mobility management and radio resource management. The document then summarizes the GSM radio interface, protocols like DTAP and interfaces like A-bis and A. It provides high-level descriptions of GSM standards and evolution over time.
This document provides an introduction to a data communications networking course. It outlines the course schedule which covers topics like Ethernet, WAN technologies, IP networking and more over 5 days. It also discusses course materials, prerequisites, and objectives which include gaining an understanding of modern datacom technologies. The document provides details on standardization bodies and the OSI reference model, describing each layer and how data is transmitted through the protocol stack. It also covers physical media types like coaxial cable, twisted pair, fiber and their characteristics. Standards for physical layer interfaces like RS-232, RS-422 and V-series are also introduced.
Network Design on cisco packet tracer 6.0Saurav Pandey
This document proposes a network design using access controls and VoIP. It includes configuration of routers, switches, VLANs, DHCP, RIP routing protocol, frame relay, telnet, ACLs and VoIP protocols like Call Manager Express. The network connects three locations - a head office and two branch offices - using routers, switches, frame relay, VLANs and access controls to filter unauthorized traffic and allow only genuine users. VoIP is implemented using protocols like DHCP, Call Manager Express, phone directory and dial peer configuration to enable voice calls between the locations over the IP network.
The document contains multiple choice questions about network configuration and protocols. Based on the options provided, the correct answers are:
- The missing information for Blank 1 is the command show ip route.
- Addition of hosts to a physical segment and increasing use of bandwidth intensive network applications contribute to congestion on an Ethernet LAN.
- The SwA port has IEEE 802.1Q trunking enabled and the SwB port has ISL trunking enabled.
Lab8 Controlling traffic using Extended ACL Objectives Per.pdfadityacommunication1
Lab8 Controlling traffic using Extended ACL
Objectives
Perform basic configuration tasks on a router.
Applying Static routes and default route.
Exploring the routing table entry.
Applying Extended (named) access control lists (ACLs).
Testing the access control lists (ACLs).
Required Resources
2 Cisco Routers (1841)
2 Cisco Switches (2950-24)
3 Computers
UTP (straight through and cross over) cables
Tasks:
A. Build up the topology.
B. Perform Basic Router Configurations
Steps:
1. Connect the components as shown in Fig 1.
2. Configure the router hostname to match the topology diagram.
3. Configure IP addresses and masks on all devices.
4. Configure a loopback interface (loopback 0) on R2 to simulate the ISP. (search on the internet
how to configure loopback interface)
C. Enable Static route for all networks.
Steps:
1. For Router 1
R1(config)# ip route 192.168.20.0 255.255.255.0 serial 0/0/0
Default root can be configured as:
R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.2
2. For Router 2
R2(config)# ip route 192.168.10.0 255.255.255.0 serial 0/0/1
R2(config)# ip route 192.168.11.0 255.255.255.0 serial 0/0/1
D. Verify full IP connectivity using the ping command and the routing table of routers.
Step#1:
For R1 and R2, use the command show ip route, take a snapshot for the resulting routing table,
and discuss the outputs:
*Routing table of R1(Screenshoot)
*Routing table of R2 (Screenshot)
Step#2:
Make sure that the whole network nodes can ping each other.
Before configuring and applying this ACL, be sure to test connectivity from Laptop1 to the
loopback interface (ISP - 209.165.200.225)
E. Configuring an Extended ACL
In this section, you are configuring an extended ACL on R1 that blocks traffic originating from any
device on the 192.168.10.0/24 network to access the 209.165.200.255 host (the simulated ISP).
This ACL will be applied outbound on the R1 Serial 0/0/0 interface.
Steps:
1. Configure a named extended ACL.
R1(config)#ip access-list extended EXTEND-1
R1(config-ext-nacl)#deny ip 192.168.10.0 0.0.0.255 host 209.165.200.225
2. Apply the ACL.
With standard ACLs, the best practice is to place the ACL as close to the destination as possible.
Extended ACLs are typically placed close to the source.
R1(config)#interface serial 0/0/0
R1(config-if)#ip access-group EXTEND-1 out
3. Test the ACL.
From Laptop1; ping the loopback interface on R2.
R1(config-ext-nacl)#permit ip any any
**Please provide full code and screenshoots from Cisco packet tracer.
Table -1 begin{tabular}{|c|ccc|} hline Device & Interface & IP Address & Default Gateway & & & R1
& Fa0/0 & 192.168.10.1/24 & N/A & Fa0/1 & 192.168.11.1/24 & N/A & So/0/0 & 10.1.1.1/24 & N/A
& Fa0/1 & 192.168.20.1/24 & N/A R2 & So/0/1 & 10.1.1.2/24 & N/A & loopback 0 &
209.165.200.225/8 & N/A & & & & & 192.168.10.10/24 & 192.168 .10 .1 hline Laptop1 & NIC &
192.168.11.10/24 & 192.168 .11 .1 hline Laptop2 & NIC & 192.168.20.254/24 & 192.168 .20 .1
hline hline PC3 & NIC & & hline end{tabular}.
This document summarizes a chapter on network security from a CCNA certification study guide. It discusses types of security attacks and how to mitigate them using appliances like IDS and firewalls. It also covers using access control lists (ACLs) to filter network traffic by source/destination IP addresses, protocols, and port numbers. Standard ACLs filter by source IP only, while extended ACLs can filter additional fields. Named ACLs provide descriptive names. The document provides examples of creating and applying standard, extended, and named ACLs to network interfaces to control network access.
This chapter discusses network security concepts like types of attacks, mitigation techniques, and access control lists. Standard access lists filter based on source IP addresses while extended lists can filter on additional attributes like destination address, protocol, and port numbers. Access lists are applied to router interfaces to permit or deny traffic and help implement security policies. The document provides examples of how to configure standard and extended access lists on Cisco routers to control network access.
Access lists allow routers to filter packets and are supported for several protocols like IP, Ethernet, and IPX. Access lists contain rules that either permit or deny traffic from and to particular sources and destinations. These lists are applied to router interfaces to filter traffic as it passes through. Extended access lists offer more granular control than standard lists by allowing filtering based on transport protocol, port, and source/destination addresses.
The document describes configuring extended access control lists (ACLs) on a router to filter traffic from two PCs to a server based on specific protocols.
The ACLs are configured to:
1) Permit FTP and ICMP traffic from PC1 to the server
2) Permit HTTP and ICMP traffic from PC2 to the server
The ACLs are applied to the appropriate router interfaces and testing is done to verify the ACLs are working as intended. Ping tests and application tests like FTP and web browsing are used to validate the ACL configurations.
CCNA 4 Answers, CCNA 1 Version 4.0 Answers, CCNA 2 Version 4.0 Answers, CCNA 3 Version 4.0 Answers, CCNA 4 Version 4.0 Answers, CCNA 1 Final Version 4.0 Answers, CCNA 2 Final Version 4.0 Answers, CCNA 3 Final Version 4.0 Answers, CCNA 4 Final Version 4.0 Answers
Cisco discovery drs ent module 10 - v.4 in english.igede tirtanata
This document contains multiple choice questions about networking topics such as VLANs, ACLs, routing protocols, and WAN technologies. Question 1 asks about the VTP mode that allows a switch to create VLANs and ignore VTP messages without passing local VLAN information. Question 2 asks about characteristics of extended ACLs. Question 3 asks about statements that are true regarding a PPP connection between two Cisco routers.
1 SEC450 ACL Tutorial This document highlights.docxdorishigh
1
SEC450 ACL Tutorial
This document highlights the most important concepts on Access Control List (ACL) that
you need to learn in order to configure ACL in CLI. This tutorial does not intend by any
mean to cover all ACL applications, but only those scenarios used in then SEC450
iLabs.
Introduction to Access Control List
A host-based firewall essentially works closing and/or opening ports in a
computer. The engine behind firewalls is built with Access Control Lists (ACL).
Network-based firewalls are implemented in device-specific appliances and
routers. Basically, firewalls in routers filter packets through interfaces to permit
or deny them.
Ports are layer-4 address specified in TCP/IP protocol suit that identify
networking processes running in clients and servers.
ACLs are configured using shell-specific commands. In Cisco IOS, CLI
commands access-list and access-group are used to create and apply ACL on
an interface.
ACL can be named by number ID or a name. Naming ACL is useful to identify
ACL’s purpose.
ACL are classified in Standard ACL, and Extended ACL.
Standard ACL’s number IDs are assigned from 1 to 99. Extended ACL’s number
IDs are from 100 to 199.
Standard ACL only uses source IP address in an IP packet to filter through an
interface. Hence, standard ACL denies or permits all packets (IP) with the same
source IP regardless upper protocols, destination IP address, etc. Example 1:
Router(config)#access-list 8 deny host 172.12.3.5
Extended ACL does filtering packets based on protocol, source IP address,
source port number, destination IP address and destination port number.
Example 2: Router(config)#access-list 102 deny tcp host 10.0.3.2 host
2
172.129.4.1 Deny tcp packets with source IP address 10.0.3.2 and destination IP
address 172.129.4.1.
Since, Standard ACLs only have source IP address; the rule is to apply them in
an interface as closer as possible to the concerning destination network.
For the contrary, the rule for Extended ACLs is to apply them in an interface as
closer as possible to the source IP address.
Use Extended ACL in all iLabs as they are more granular on packets to filter.
Create Extended ACL in global configuration
You can use access-list command options lt, gt, eq, neq, range (less than,
greater than, equal, not equal, range of ports) to do operation with port numbers.
Example 3: access-list 102 deny tcp any host 11.23.45.7 gt 20 denies all
packets with any source IP address to destination IP address 11.23.45.7 and
destination tcp port greater than 20.
Example 4: access-list 107 permit udp any any permits all packets with udp
protocol with any source IP address to any destination IP address.
Extended ACL can do packet filtering based on source port number and
destination port number.
Extended ACL Syntax can be as follows:
access-list <#,name> <protocol> ...
This document discusses configuring and troubleshooting access control lists (ACLs) on Cisco routers. It covers the basics of numbered standard and extended IPv4 ACLs, including configuration examples that permit or deny traffic based on source IP addresses, protocols, and port numbers. Named ACLs and commands for verifying, monitoring, and troubleshooting ACLs are also examined. The document provides guidance on implementing ACLs to control network access and troubleshooting common ACL errors.
This document chapter discusses access control lists (ACLs) and how to configure them. It covers the basic purpose and operation of ACLs, including how they filter traffic using wildcard masks. It then provides instructions on how to create standard IPv4 ACLs, both numbered and named, and how to apply them to interfaces. The chapter also discusses best practices for ACL creation and placement, and how to modify existing ACLs using sequence numbers or a text editor.
This document outlines the configuration of access control lists (ACLs) on a border router and internal router to implement a security policy. It lists the interfaces on each router and their connections. It then details the ACL rules applied to each interface to allow necessary traffic and deny unwanted traffic, including blocking certain ICMP message types. Reflexive ACLs are used to allow return traffic. RIP is configured for routing between the routers.
This document provides recommendations for securing Cisco routers by tightening access controls and permissions. It recommends:
1. Creating a written router security policy that defines who can access and configure the router.
2. Commenting and organizing offline copies of router configurations and keeping them in sync with the live configurations.
3. Implementing access lists that only allow necessary protocols, ports, and IP addresses and deny all others.
4. Running the latest available IOS version and regularly testing router security.
This document describes configuring and testing extended access control lists (ACLs) on a router to filter traffic between two PCs and a server. It outlines configuring a numbered ACL to permit FTP and ICMP from PC1 to the server, and a named ACL to permit HTTP and ICMP from PC2 to the server. The ACLs are applied to router interfaces and testing verifies only allowed traffic succeeds while denied traffic fails.
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAMHamesKellor
The document provides sample questions that may appear on a CCNA certification practice exam. It includes questions about OSPF, router commands, frame relay, VLANs, routing protocols, and more. The questions cover a wide range of Cisco networking topics that are important for the CCNA exam.
The document contains questions and answers related to CCNA 2 Chapter 5 routing protocols. The high-level information provided is:
1) The document contains practice questions and answers for the CCNA 2 Chapter 5 exam on routing protocols.
2) The questions cover topics such as RIP configuration, route summarization, default routes, and examining routing tables.
3) Answering the questions involves interpreting routing protocol output and configuration to determine routing behavior.
Cisco discovery drs ent module 4 - v.4 in english.igede tirtanata
The document is a set of 20 multiple choice questions about networking topics such as VLSM, NAT, CIDR, and routing protocols. Some of the questions ask about subnetting a network, the purpose of NAT overload, advantages of CIDR, how routers track addresses for NAT overload, characteristics of classful routing protocols, identifying inside and outside addresses in a NAT configuration, summarizing networks using CIDR, VLSM addressing schemes, appropriate subnet masks, available addresses in subnet configurations, routing updates sent with RIP v2, ranges of networks summarized by an address/mask, identifying the type of NAT based on translation output, available addresses for dynamic NAT pools, valid host addresses in a subnet, network/broadcast addresses in a subnet
Cisco discovery drs ent module 6 - v.4 in english.igede tirtanata
The document contains multiple choice questions about OSPF routing. It tests knowledge of OSPF concepts like DR/BDR election, network types, route calculation, and configuration. The questions cover topics such as OSPF network statements, adjacency formation between routers, and using OSPF in different network types.
Cisco discovery drs ent module 7 - v.4 in english.igede tirtanata
This document contains 24 multiple choice questions about network control protocols, data transmission rates, differences between LANs and WANs, Cisco's implementation of HDLC, connectivity problems, output of debug commands, functions of PPP, demarcation points, congestion indicators, time-division multiplexing, types of WAN connections, data communications equipment, encapsulation processes, and functions of LCP and cell switching. It provides information to test knowledge of fundamental networking concepts related to protocols, interfaces, addressing, and virtual circuits.
Cisco discovery d homesb module 10 final exam - v.4 in english.igede tirtanata
The document contains a 50 question multiple choice exam about networking concepts such as local and network applications, wireless connectivity issues, IP addressing, network layers, protocols, security, cabling, and other foundational IT topics. It tests understanding of technology, troubleshooting skills, and ability to apply knowledge to solve problems.
Cisco discovery d homesb module 7 - v.4 in english.igede tirtanata
The document contains 20 multiple choice questions about wireless networking technologies including IEEE 802.11, Bluetooth, Wi-Fi, WLAN components, wireless security, encryption, authentication methods, and wireless network configuration options. It tests knowledge of key topics such as the differences between wireless and wired networking, factors that influence wireless network setup and performance, and common wireless network security standards and protocols.
Cisco discovery d homesb module 7 - v.4 in english.igede tirtanata
The document contains 20 multiple choice questions about wireless networking technologies including IEEE 802.11, Bluetooth, Wi-Fi, WLAN components, wireless security, encryption, authentication, and common configuration options. It tests knowledge of the key differences between wireless and wired networking, factors that influence wireless network setup and performance, and security best practices.
Cisco discovery d homesb module 10 final exam - v.4 in english.igede tirtanata
The document contains a final exam with 30 multiple choice questions about networking concepts like local and network applications, wireless connectivity issues, DHCP configuration, network addressing, protocols, and common network devices. It tests knowledge of topics such as IP addressing, default gateways, wireless encryption, private IP ranges, and physical layer troubleshooting.
This document is a PowerPoint presentation about TCP/IP protocols and IP addressing. It contains slides on topics like the TCP/IP model, transport and internet layer protocols, IP addressing formats and classes, private IP addresses, subnetting, and dynamic addressing protocols like DHCP. The presentation is intended for instructors to modify for their CCNA networking classes.
This document is a PowerPoint presentation about Ethernet technologies that was created for instructors to modify for their own use. It covers the history and standards of Ethernet, including the parameters and implementations of 10 Mbps, 100 Mbps, 1 Gbps, and 10 Gbps Ethernet. The presentation provides information on Ethernet frames, encoding methods, cable types, and maximum distances for different Ethernet architectures. It concludes with a discussion of the expanding scope and future of Ethernet networking.
This document is a PowerPoint presentation about Ethernet fundamentals that was created for instructors to modify for their own use. It covers topics such as Ethernet naming rules, frame structures, MAC addressing, error handling, auto-negotiation, and transmission priority. The presentation provides information on the key concepts but is not intended as a study guide for assessments.
This PowerPoint presentation covers the key topics in CCNA 1 v3.1 Module 5 including cabling for LANs and WANs. It provides instructors with the Target Indicators from the module to modify for their own classes. The presentation covers LAN cabling using UTP and wireless, networking devices like hubs, switches, bridges and routers, connectivity models, and WAN cabling including serial, ISDN BRI and DSL connections. It is intended as a teaching guide and not as a study guide for assessments.
This document is a PowerPoint presentation about cable testing for CCNA 1 v3.1 Module 4. It provides an overview of topics like waves, exponents and logarithms, decibels, analog and digital signals, bandwidth, signaling over copper and fiber, attenuation and insertion loss, sources of noise, crosstalk, cable testing standards, and testing optical fiber. The presentation notes that a quality cable tester for Cat5e cabling is the Fluke DSP-LIA013 Channel/Traffic Adapter.
This document is a PowerPoint presentation about networking media for the CCNA 1 v3.1 Module 3. It includes slides on different types of networking cable such as coaxial cable, twisted pair cable and fiber optic cable. It also covers wireless networking concepts such as wireless standards, network components like access points, and wireless security. The presentation is intended for instructors as a template that can be modified for their classes.
This document is a PowerPoint presentation about networking fundamentals and concepts such as network history, devices, topologies, protocols, and models including OSI and TCP/IP. It provides information on different types of networks including LANs, WANs, MANs, and SANs. The presentation also covers topics such as bandwidth measurements, digital versus analog, peer-to-peer communication, and encapsulation. The purpose is to present the key concepts and targets for a CCNA networking module through slides with descriptive text and diagrams.
This PowerPoint presentation covers the key topics in CCNA 1 v3.1 Module 1 including PC basics, network interface cards, TCP/IP configuration, binary and hexadecimal number systems, IP addressing, and networking troubleshooting. It was created for instructors to modify for their classes and provides the target indicators for the module. The presentation instructs users to report any errors found and lists resources for additional instructional materials.
The document provides an overview of the TCP/IP transport and application layers. It discusses key topics like TCP and UDP segment formats, port numbers, reliability, flow control, and popular application layer protocols including DNS, FTP, HTTP, SMTP, SNMP, and Telnet. The objectives are listed as the TCP/IP transport layer and TCP/IP application layer.
This document provides an overview of routing fundamentals and subnetting in CCNA version 3.0. It discusses routed and routing protocols, how IP acts as a routed protocol, routing tables, routing algorithms and metrics, and the mechanics of subnetting including establishing subnet masks and calculating subnetworks through ANDing. The objectives are to understand routed protocols, IP routing protocols, and the mechanics of subnetting.
This document provides an overview of TCP/IP protocols and IP addressing. It discusses the layers of the TCP/IP model including application, transport, internet, and network access layers. It also covers IP addressing schemes like IPv4 and IPv6, address classes, public and private addressing, and methods for obtaining IP addresses like static, RARP, BOOTP, DHCP, and ARP.
This PowerPoint provides targets and objectives for CCNA 1 v3.0 Module 8 on Ethernet Switching. It is intended for instructors to modify for their own use, and is not a study guide for assessments or certification exams. The document outlines key topics covered in the module like collision domains, broadcast domains, switch operation modes, spanning tree protocol states, and how switches segment broadcast domains to reduce broadcast traffic.
This PowerPoint covers the key topics and concepts from CCNA 1 v3.0 Module 3 on networking media. It provides an overview of the module's objectives and topics to be covered, which include atoms and electrons, voltage, resistance and impedance, current flow, cable specifications, different cable types (coaxial, twisted-pair, fiber), the electromagnetic spectrum, light propagation, wireless LAN standards and components. The document is intended for instructors to modify for their own use, and is not a study guide for assessments or CCNA certification exams.
Cisco discovery drs ent module 8 - v.4 in english.
1. Cisco Discovery - DRSEnt Module 8 - V.4 in english.
Q.1 Refer to the exhibit. A network administrator needs to add the command deny ip 10.0.0.0
0.255.255.255 any log to R3. After adding the command, the administrator verifies the change using the
show access-list command. What sequence number does the new entry have?
0
10, and all other items are shifted down to the next sequence number
50
60
Q.2 Refer to the exhibit. What happens if the network administrator issues the commands shown when
an ACL called Managers already exists on the router?
The new commands overwrite the current Managers ACL.
The new commands are added to the end of the current Managers ACL.
The new commands are added to the beginning of the current Managers ACL.
An error appears stating that the ACL already exists.
Q.3 Why are inbound ACLs more efficient for the router than outbound ACLs?
Inbound ACLs deny packets before routing lookups are required.
Inbound ACL operation requires less network bandwidth than outbound.
Inbound ACLs permit or deny packets to LANs, which are typically more efficient than WANs
Inbound ACLs are applied to Ethernet interfaces, while outbound ACLs are applied to slower serial
interfaces.
Q.4 Refer to the exhibit. The network administrator of a company needs to configure the router RTA to
allow its business partner (Partner A) to access the web server located in the internal network. The web
server is assigned a private IP address, and a static NAT is configured on the router for its public IP
address. Finally, the administrator adds the ACL. However, Partner A is denied access to the web server.
What is the cause of the problem?
2. Port 80 should be specified in the ACL.
The public IP address of the server, 209.165.201.5, should be specified as the destination.
The ACL should be applied on the s0/0 outbound interface.
The source address should be specified as 198.133.219.0 255.255.255.0 in the ACL.
Q.5 ACL logging generates what type of syslog message?
unstable network
warning
informational
critical situation
Q.6 Which two host addresses are included in the range specified by 172.16.31.64 0.0.0.31? (Choose
two.)
172.16.31.64
172.16.31.77
172.16.31.78
172.16.31.95
172.16.31.96
Q.7 Traffic from the 64.104.48.0 to 64.104.63.255 range must be denied access to the network. What
wildcard mask would the network administrator configure in the access list to cover this range?
0.0.15.255
0.0.47.255
0.0.63.255
255.255.240.0
3. Q.8 ACLs are used primarily to filter traffic. What are two additional uses of ACLs? (Choose two.)
specifying source addresses for authentication
specifying internal hosts for NAT
identifying traffic for QoS
reorganizing traffic into VLANs
filtering VTP packets
Q.9 What can an administrator do to ensure that ICMP DoS attacks from the outside are mitigated as
much as possible, without hampering connectivity tests initiated from the inside out?
Create an access list permitting only echo reply and destination unreachable packets from the
outside.
Create an access list denying all ICMP traffic coming from the outside.
Permit ICMP traffic from only known external sources.
Create an access list with the established keyword at the end of the line.
Q.10 What effect does the command reload in 30 have when entered into a router?
If a router process freezes, the router reloads automatically.
If a packet from a denied source attempts to enter an interface where an ACL is applied, the router
reloads in 30 minutes.
If a remote connection lasts for longer than 30 minutes, the router forces the remote user off.
A router automatically reloads in 30 minutes.
Q.11 Refer to the exhibit. The following commands were entered on RTB.
RTB(config)# access-list 4 deny 192.168.20.16 0.0.0.15
RTB(config)# access-list 4 permit any
RTB(config)# interface serial 0/0/0
RTB(config-if)# ip access-group 4 in
Which addresses do these commands block access to RTB?
4. 192.168.20.17 to 192.168.20.31
192.168.20.16 to 192.168.20.31
192.168.20.16 to 192.168.20.32
192.168.20.16 to 192.168.20.33
Q.12 Refer to the exhibit. The new security policy for the company allows all IP traffic from the
Engineering LAN to the Internet while only web traffic from the Marketing LAN is allowed to the
Internet. Which ACL can be applied in the outbound direction of Serial 0/1 on the Marketing router to
implement the new security policy?
access-list 197 permit ip 192.0.2.0 0.0.0.255 any
access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq www
access-list 165 permit ip 192.0.2.0 0.0.0.255 any
access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www
access-list 165 permit ip any any
access-list 137 permit ip 192.0.2.0 0.0.0.255 any
access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www
access-list 89 permit 192.0.2.0 0.0.0.255 any
access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www
Q.13 Which three statements are true concerning standard and extended ACLs? (Choose three.)
Extended ACLs are usually placed so that all packets go through the network and are filtered at the
destination.
Standard ACLs are usually placed so that all packets go through the network and are filtered at the
destination.
Extended ACLs filter based on source address only, and must be placed near the destination if other
traffic is to flow.
Standard ACLs filter based on source address only, and must be placed near the destination if other
traffic is to flow.
Extended ACLs filter with many possible factors, and they allow only desired packets to pass
through the network if placed near the source.
5. Standard ACLs filter with many possible factors, and they allow only desired packets to pass through
the network if placed near the source.
Q.14 Refer to the exhibit. Company policy for the network that is shown indicates the following
guidelines:
1) All hosts on the 192.168.3.0/24 network, except host 192.168.3.77, should be able to reach the
192.168.2.0/24 network.
2) All hosts on the 192.168.3.0/24 network should be able to reach the 192.168.1.0/24 network.
3) All other traffic originating from the 192.168.3.0 network should be denied.
Which set of ACL statements meets the stated requirements when they are applied to the Fa0/0
interface of router R2 in the inbound direction?
access-list 101 deny ip any any
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip any any
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255
Q.15 Hosts from the Limerick LAN are not allowed access to the Shannon LAN but should be able to
access the Internet. Which set of commands will create a standard ACL that will apply to traffic on the
Shannon router interface Fa0/0 implementing this security?
access-list 42 deny 172.19.123.0 0.0.0.255 192.0.2.0 0.0.0.255
access-list 42 permit any
access-list 56 deny 172.19.123.0 0.0.0.255
6. access-list 56 permit any
access-list 61 deny 172.19.123.0 0.0.0.0
access-list 61 permit any
access-list 87 deny ip any 192.0.2.0 0.0.0.255
access-list 87 permit ip any
Q.16 Refer to the exhibit. A network administrator needs to configure an access list that will allow the
management host with an IP address of 192.168.10.25/24 to be the only host to remotely access and
configure router RTA. All vty and enable passwords are configured on the router. Which group of
commands will accomplish this task?
Router(config)# access-list 101 permit tcp any 192.168.10.25 0.0.0.0 eq telnet
Router(config)# access-list 101 deny ip any any
Router(config)# int s0/0
Router(config-if)# ip access-group 101 in
Router(config-if)# int fa0/0
Router(config-if)#ip access-group 101 in
Router(config)# access-list 10 permit 192.168.10.25 eq telnet
Router(config)# access-list 10 deny any
Router(config)# line vty 0 4
Router(config-line)#access-group 10 in
Router(config)# access-list 86 permit host 192.168.10.25
Router(config)# line vty 0 4
Router(config-line)# access-class 86 in
Router(config)# access-list 125 permit tcp 192.168.10.25 any eq telnet
Router(config)# access-list 125 deny ip any any
Router(config)# int s0/0
Router(config-if)# ip access-group 125 in
Q.17 Which ACL permits host 10.220.158.10 access to the web server 192.168.3.244?
access-list 101 permit tcp host 10.220.158.10 eq 80 host 192.168.3.224
access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80
access-list 101 permit host 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80
access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 eq 80
7. Q.18 Which wildcard mask would match the host range for the subnet 192.16.5.32 /27?
0.0.0.32
0.0.0.63
0.0.63.255
0.0.0.31
Q.19 A security administrator wants to secure password exchanges on the vty lines on all routers in the
enterprise. What option should be implemented to ensure that passwords are not sent in clear text
across the public network?
Use Telnet with an authentication server to ensure effective authentication.
Apply an access list on the router interfaces to allow only authorized computers.
Apply an access list on the vty line to allow only authorized computers.
Use only Secure Shell (SSH) on the vty lines.
Q.20 Refer to the exhibit. An administrator notes a significant increase in the amount of traffic entering
the network from the ISP. The administrator clears the access-list counters. After a few minutes, the
administrator again checks the access-list table. What can be concluded from the most recent output
shown?
A small amount of HTTP trafic is an indication that the web server was not configured correctly.
A larger amount of POP3 traffic (compared with SMTP traffic) indicates that there are more POP3
email clients than SMTP clients in the enterprise.
A large amount of ICMP traffic is being denied at the interface, which can be an indication of a DoS
attack.
A larger amount of email traffic (compared with web traffic) is an indication that attackers mainly
targeted the email server.