CCNA 200-301 - Lab-18 ACL - Time Range v1.0

1. The document describes configuring time-range access control lists (ACLs) on routers to block HTTP access to a router's loopback interface during specified office hours. 2. It provides instructions to configure HTTP and NTP services on routers, and then create time ranges and ACLs to deny access to the HTTP server from 9am to 6pm on weekdays, while allowing access at all other times. 3. Verification commands are included to show the time ranges, ACLs, and test connectivity to the HTTP server both during and outside the restricted office hours.

Uploaded by

Anoop Kumar

CCNA - 200-301 Time-Range ACL

Time-Range ACL

Task
1. Configure routers R1 & R2 with IP addresses as shown in the topology and configure the enable password as ccna. (Refer to Lab-16 for tasks 1 to 3.)
2. Configure routers as hosts (PCs / servers).
3. Configure default routing to provide connectivity between them.
4. Configure HTTP service on R2.
5. Configure R2 as NTP server and R1 as NTP client.
6. Configure a time-range ACL to block Internet HTTP service (R2's loopback IP) during office working hours (9 am to 6 pm).

Task-4: Configure HTTP service on R2.

R2 Configuration:

R2#config t
R2(config)#enable password ccna
R2(config)#username user1 secret pass1
R2(config)#ip http server
R2(config)#ip http secure-client-auth
R2(config)#line vty 0 15
R2(config-line)#login local
R2(config-line)#transport input ssh telnet
R2(config-line)#exit
R2(config)#exit
R2#

www.rsatechforum.in
+91 8551802268
CCNA Labs by Ratan

✓ Verification & Testing:


PC-1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/332/1164 ms

PC-1#telnet 2.2.2.2 80
Trying 2.2.2.2, 80 ... Open

PC-1#

PC-2#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 100/333/1076 ms

PC-2#telnet 2.2.2.2 80
Trying 2.2.2.2, 80 ... Open

PC-2#

Secure-SRV-1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/327/1108 ms

Secure-SRV-1#telnet 2.2.2.2 80
Trying 2.2.2.2, 80 ... Open

Secure-SRV-1#

Task-5: Configure R2 as NTP server and R1 as NTP client


R2 Configuration:

R2#config t
R2(config)#clock timezone IST +5 30
R2(config)#ntp master
R2(config)#exit
R2#clock set 17:45:00 6 Nov 2020

R1 Configuration:

R1#config t
R1(config)#clock timezone IST +5 30
R1(config)#ntp server 192.168.3.2
R1(config)#exit
R1#

✓ Verification & Testing:


R2#sh ntp status
Clock is synchronized, stratum 8, reference is 127.127.1.1
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
ntp uptime is 65400 (1/100 of seconds), resolution is 4000
reference time is E34FBD04.591AD8F9 (17:46:04.348 IST Fri Nov 6 2020)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 437.92 msec, peer dispersion is 437.69 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000000 s/s
system poll interval is 16, last update was 16 sec ago.
R2#

R1#sh ntp status
Clock is synchronized, stratum 9, reference is 192.168.3.2
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
ntp uptime is 64400 (1/100 of seconds), resolution is 4000
reference time is E34FBD43.2C9CF91C (17:47:07.174 IST Fri Nov 6 2020)
clock offset is -1.8256 msec, root delay is 28.40 msec
root dispersion is 7942.08 msec, peer dispersion is 937.54 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is -0.000000000 s/s
system poll interval is 64, last update was 7 sec ago.
R1#

R2#sh clock
17:49:12.199 IST Fri Nov 6 2020
R2#

R1#sh clock
17:49:28.021 IST Fri Nov 6 2020
R1#

Task-6: Configure time range ACL to block all access to R2’s loopback IP (Internet) during the office working hours (9 am to 6 pm)

R1 Configuration:

R1#config t
R1(config)#time-range Office-Hours
R1(config-time-range)#periodic weekdays 09:00 to 18:00
R1(config-time-range)#exit
R1(config)#time-range Internet-Access
R1(config-time-range)#periodic weekdays 00:00 to 23:59
R1(config-time-range)#exit
R1(config)#access-list 100 permit ip host 192.168.1.100 any time-range Office-Hours
R1(config)#access-list 100 deny ip any any time-range Office-Hours
R1(config)#access-list 100 permit ip any any time-range Internet-Access
R1(config)#int fa1/0
R1(config-if)#ip access-group 100 out
R1(config-if)#exit
R1(config)#exit
R1#

✓ Verification & Testing:

R1#sh clock
17:50:15.307 IST Fri Nov 6 2020
R1#

R1#sh access-lists
Extended IP access list 100
10 permit ip host 192.168.1.100 any time-range Office-Hours (active) (2 matches)
20 deny ip any any time-range Office-Hours (active) (15 matches)
30 permit ip any any time-range Internet-Access (active)
R1#

R1#sh time-range
time-range entry: Internet-Access (active)
periodic weekdays 0:00 to 23:59
used in: IP ACL entry
time-range entry: Office-Hours (active)
periodic weekdays 9:00 to 18:00
used in: IP ACL entry
used in: IP ACL entry
R1#

PC-1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)

PC-1#telnet 2.2.2.2 80
Trying 2.2.2.2, 80 ...
% Destination unreachable; gateway or host down

PC-1#

PC-2#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)

PC-2#telnet 2.2.2.2 80
Trying 2.2.2.2, 80 ...
% Destination unreachable; gateway or host down

PC-2#

Secure-SRV-1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms

Secure-SRV-1#telnet 2.2.2.2 80
Trying 2.2.2.2, 80 ... Open

Secure-SRV-1#

R1#sh access-lists
Extended IP access list 100
10 permit ip host 192.168.1.100 any time-range Office-Hours (active) (10 matches)
20 deny ip any any time-range Office-Hours (active) (33 matches)
30 permit ip any any time-range Internet-Access (active)
R1#

Now wait for office hours to complete.


R1#sh clock
17:57:28.792 IST Fri Nov 6 2020
R1#

R1#sh clock
18:01:09.930 IST Fri Nov 6 2020
R1#

R1#sh access-lists
Extended IP access list 100
10 permit ip host 192.168.1.100 any time-range Office-Hours (inactive) (14 matches)
20 deny ip any any time-range Office-Hours (inactive) (34 matches)
30 permit ip any any time-range Internet-Access (active)
R1#

PC-1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/42/44 ms

PC-1#telnet 2.2.2.2 80
Trying 2.2.2.2, 80 ... Open

PC-1#

PC-2#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms

PC-2#telnet 2.2.2.2 80
Trying 2.2.2.2, 80 ... Open

PC-2#

Secure-SRV-1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/40/44 ms

Secure-SRV-1#telnet 2.2.2.2 80
Trying 2.2.2.2, 80 ... Open

Secure-SRV-1#

R1#sh access-lists
Extended IP access list 100
10 permit ip host 192.168.1.100 any time-range Office-Hours (inactive) (14 matches)
20 deny ip any any time-range Office-Hours (inactive) (34 matches)
30 permit ip any any time-range Internet-Access (active) (35 matches)
R1#
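
The lab only tests ACL 100 on a Friday. The Python model below is an added example, not part of the original lab: it replays the three entries against the lab's timestamps and then sweeps a full week, showing that because both time ranges are "periodic weekdays", no entry is active on Saturday or Sunday and all traffic hits the implicit deny. The PC address 192.168.1.10 and the treatment of the end minute as inside the range are assumptions; only source address and time range are modelled, since every entry uses destination "any".

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

WEEKDAYS = {0, 1, 2, 3, 4}  # Monday..Friday, as in "periodic weekdays"
# Time ranges copied from the lab: name -> (days, start, end)
TIME_RANGES = {
    "Office-Hours": (WEEKDAYS, "09:00", "18:00"),
    "Internet-Access": (WEEKDAYS, "00:00", "23:59"),
}
# access-list 100 from the lab, in order: (sequence, action, source, time-range)
ACL_100 = [
    (10, "permit", "192.168.1.100/32", "Office-Hours"),
    (20, "deny", "0.0.0.0/0", "Office-Hours"),
    (30, "permit", "0.0.0.0/0", "Internet-Access"),
]
PC = "192.168.1.10"  # constructed address for a non-exempt host (assumption)


def is_active(name, when):
    days, start, end = TIME_RANGES[name]
    # Assumption: the end minute is treated as part of the range.
    return when.weekday() in days and start <= when.strftime("%H:%M") <= end


def evaluate(src, when):
    """First active entry whose source matches wins; else the implicit deny."""
    for seq, action, net, time_range in ACL_100:
        if is_active(time_range, when) and ip_address(src) in ip_network(net):
            return action, seq
    return "deny", None  # every entry inactive or unmatched


def implicit_deny_minutes(src, week_start=datetime(2020, 11, 2)):
    """Minutes in one Monday-to-Sunday week that fall through to implicit deny."""
    minutes = (week_start + timedelta(minutes=m) for m in range(7 * 24 * 60))
    return sum(1 for t in minutes if evaluate(src, t) == ("deny", None))


if __name__ == "__main__":
    for label, when in [("office hours", datetime(2020, 11, 6, 17, 50)),
                        ("after hours", datetime(2020, 11, 6, 18, 1)),
                        ("Saturday", datetime(2020, 11, 7, 12, 0))]:
        print(label, PC, evaluate(PC, when))
    print("implicit-deny minutes per week:", implicit_deny_minutes(PC))
```

If weekend access is meant to be allowed, defining Internet-Access as "periodic daily 00:00 to 23:59", or ending the ACL with an untimed "permit ip any any", closes the gap.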

To Remove ACL
R1#config t
R1(config)#no access-list 100
R1(config)#int fa1/0
R1(config-if)#no ip access-group 100 out
R1(config-if)#exit
R1(config)#no time-range Office-Hours
R1(config)#no time-range Internet-Access
R1(config)#exit
R1#

Important Commands:
sh access-lists
sh ip access-lists
sh run | sec access-list
sh time-range
