文件名称:cisco访问控制列表
文件大小:71KB
文件格式:PKA
更新时间:2012-07-25 11:04:35
Using the name HFW1, create
Create and apply the Named ACL to implement the following security policies. Be sure to enter the statements in the order specified. 1. Houston Security Policy (6 lines) Using the name HFW1, create an ACL that does the following: a. Host PC1, attached to the 192.168.1.128/27 subnet should be allowed complete access to the 192.168.1.96/27 subnet b. All other hosts attached to the 192.168.1.128/27 subnet should be allowed only HTTP access to the 192.168.1.96/27 subnet using UDP. c. Host PC3, attached to the 192.168.1.32/27 subnet should be allowed complete access to SERVER1 on the 192.168.1.96/27 subnet. d. All other traffic from the 192.168.1.32/27 subnet should be denied access to the 192.168.1.96/27 subnet. e. Any other traffic from the 192.168.1.0 network should be allowed. f. All traffic outside the 192.168.1.0 network should be implicitly denied. 2. Apply the HFW1 named access group to the correct interface. Be sure to specify if the access-list is created for inbound or outbound purposes. Test the configuration: Click the Check Results icon to verify all assessed items are successfully completed. Create scenarios in Simulation mode to test the above security policies. 3. Using the packet tracer inspect tool and then the CLI, view the routing tables on both routers. Test connectivity between the PCs within the 192.168.1.0 network and the servers on the 192.168.1.96 subnet with simple PDU and CLI pings and explain the results. 4. In simulation mode, use the event filter to run various "what if" scenarios. Use the complex PDU packets to test that hosts within the 192.168.1.128 subnet have http (port 80) access to the servers. Reflect: 1) As a packet travels through the Houston router to reach the 192.168.1.96/27 subnet, at what point does the router evaluate the packet to determine if it is permitted or denied? 2) Do the servers/devices on the 192.168.1.96/27 have more limited access to devices outside the subnet due to the access-list put in place? 3) Was a standard or extended ACL necessary to complete the requirement of the security policy? Explain. 4) Why was the order in which the access-list statements applied important? Could this access-list be ordered any other way? Why or why not?