Scribd
Upload
40 views5 pages

CN Lab

The document discusses configuring access control lists and DHCP on a network topology. It provides details on IP addressing of devices, configuring standard and extended ACLs to control network access between subnets, and setting up DHCP to automatically assign IP addresses.

Uploaded by

rabeea malik
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
40 views5 pages

CN Lab

The document discusses configuring access control lists and DHCP on a network topology. It provides details on IP addressing of devices, configuring standard and extended ACLs to control network access between subnets, and setting up DHCP to automatically assign IP addresses.

Uploaded by

rabeea malik
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

ASSIGNMENT#02

Topic: Access Control List and DHCP Configuration


Topology Diagram

Addressing Table
Device Interface IP Address Subnet mask Default Gateway

R1 Se 0/0/0 192.168.1.1 255.255.255.0 192.168.1.2

FA 0/0 192.168.3.4 255.255.255.0 192.168.1.2

R2 Se 0/0/0 192.168.1.2 255.255.255.0 192.168.1.1

S 0/0/1 192.168.2.1 255.255.255.0 192.168.2.2

FA 0/0 192.168.4.4 255.255.255.0 192.168.6.2

FA 0/1 192.168.7.4 255.255.255.0 192.168.6.2

FA1/0 192.168.5.4 255.255.255.0 192.168.6.2

R3 Se 0/0/1 192.168.2.2 255.255.255.0 192.168.2.1

FA 0/0 192.168.6.2 255.255.255.0 192.168.6.2

HTTP N/A 192.168.6.4 255.255.255.0 192.168.6.2


DNS Server N/A 192.168.6.3 255.255.255.0 192.168.6.2

DHCP Server N/A 192.168.6.1 255.255.255.0 192.168.6.2

PC1-PC8 NIC Obtained Obtained Obtained


Automatically Automatically Accordingly

Task 1: Prepare the Network.


Task 2: Perform Basic Router Configurations.
Step 1: Configure Ethernet interfaces on R1.

Step 2: Verify IP addressing and interfaces.


Use the show ip interface brief command to verify that the IP addressing is correct and that
the interfaces are active.

Task 3: Perform IP configuration on host PC’s


Now you don’t need to assign IP address on each PC. We will use DHCP to assign to get IP
address automatically. Select DHCP on instead of Static on PC IP Configuration.

Step 1: Configure DHCP for Developer’s Network


R1(config)# ip dhcp pool developer-network

R1(dhcp-config)# network 192.168.3.0 255.255.255.0

R1(dhcp-config)# default-router 192.168.3.1

R1(dhcp-config)# dns-server 192.168.6.3

Step 2: Configure DHCP for Sales Network


R2(config)# ip dhcp pool sales-network

R2(dhcp-config)# network 192.168.4.0 255.255.255.0

R2(dhcp-config)# default-router 192.168.4.1

R2(dhcp-config)# dns-server 192.168.6.3


Step 3: Configure DHCP for HR Network R2(config)#
ip dhcp pool HP-network

R2(dhcp-config)# network 192.168.7.0 255.255.255.0

R2(dhcp-config)# default-router 192.168.7.1

R2(dhcp-config)# dns-server 192.168.6.3

Step 4: Configure DHCP for QA Network R2(config)#


ip dhcp pool QA-network

R2(dhcp-config)# network 192.168.5.0 255.255.255.0

R2(dhcp-config)# default-router 192.168.5.1

R2(dhcp-config)# dns-server 192.168.6.3

Task 4: Verify the Network


Use ping tool to check connectivity between the hosts. Is ping successful?

Yes, I have sent the packet from PC 3 to PC 5 and the ping is successful.

Task 5: Configuring Standard IP Access Lists


The access list may be created with one or more access-list commands while in global
configuration mode. Second, the access list is applied to or referenced by other commands,
such as the ip access-group command which applies the ACL to an interface. An example
would be the following:

R1#config terminal

R1(config)#access-list # {permit | deny} ip address wildcard mask

R1(config)#interface {serial | Fast Ethernet}

R1(config-if)#ip access-group # {in | out}

Standard ACLs
Step 1: Your task is to block 192.16.3.3 from gaining access on 192.16.5.0. While
192.16.3.3 must be able to communicate with networks. Another computer from the
network of 192.16.3.0 must be able to connect with the network of 192.16.5.0.

R2#config terminal

R2(config)#access-list 1 deny host 192.16.3.3

R2(config)#access-list 1 permit any

R2(config)#interface fastEthernet 0/1

R2(config-if)#ip access-group 1 out

Step 2: Verify if the access list is created successfully.

Run following command on router R2 and write down your observations. R2#

show access-list

The router 2 denied access of the host PC 192.168.3.3.

Step 3: Block the network of 192.16.3.0 from gaining access on 192.16.4.0. While
192.16.3.0 must be able to communicate with networks.

Run the following commands on router R2.

R2(config)#access-list 2 deny 192.16.3.0 0.0.0.255

R2(config)#access-list 2 permit any

R2(config)#interface fastethernet 0/0

R2(config-if)#ip access-group 2 out


Task 6: Configuring Extended IP Access Lists
The steps for configuring an extended IP ACL do not actually di er from those of a standard
ACL. More options are available in this case.

The commands to use for creating and applying this type of AL on an interface are the
following:

To create extended ACL following command is used:

Router(config)#access-list access -list-number {deny | permit} protocol source wildcard


[source port] destination destination-wildcard [destination port] [log]

Keep in mind that the available numbers to use are between 100 and 199 and 2000 to 2699.
You can deny or permit a specific protocol (e.g. IP, TCP), tra ic coming from a specific host
or network destined for a specific host or network and using specific services (identified by
application ports for example 23 for telnet, 53 for DNS, etc.).

To apply the access list on an interface, use the following command Router

(config-if)#ip access-group access-list-number {in | out}.

Extended ACL

You might also like