hello friend i have answerd more time of your question or
doute.now i am seeing towards you for help,plz send the
soln before monedya
the problem is
i have three router r1 and r2 and r3
they are conested in that maneer
thai is
r1---r2---r3---server
|
|
server
bothe server have diffrent ip
now i have to implemnt access list on the r3 router in such
a way that user from r1 can access only one server
while user from r2 can access whole servre
i ahve done it but both user of r1 and r2 uses all server
i need help
please help me this time?
i have repalsced my firwall by r3 router
so bacicaly i have to implement it on my firewall but you
tell me on cisco router please help
- 2 Answers
- 3862 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / shahin
Hi.... U didn't mention any ip address as well as interfaces
which r used to connect routers.
R1(s1/0)------(S1/0)R2 (S1/1) -------(S1/0)R3------- server1
! ! ! 10.1.1.1
! ! ! 10.1.1.10
! ! !
PC1 PC2 Server2
13.1.1.1 12.1.1.1 11.1.1.1
13.1.1.10 12.1.1.10 11.1.1.10
Note: First one IP address & second default gateway.
R1
s1/0 - 1.1.1.1
R2
s1/0 - 1.1.1.2
s1/1 - 2.2.2.1
R3
s1/0 - 2.2.2.2
I configured RIPv2 on all router & its working fine. Now i
can access each & every user & server from anywhere in the
network.
Point is that, u want to configure ACL, so that it will meet
ur requirements.
As u mention, "implemnt access list on the r3 router in such
a way that user from r1 can access only one server"... ok i
m goin to block user from R1 to access "server1"
Create Standard ACL -
R3#conf t
R3(config)#access-list 5 permit 12.0.0.0 0.255.255.255
R3(config)#access-list 5 deny any
Apply ACL -
R3(config)#interface fastEthernet 0/1
R3(config-if)#ip access-group 5 out
Router(config-if)#^Z
See the sh output -
Router#sh access-lists
Standard IP access list 5
permit 12.0.0.0 0.255.255.255 (4 match(es))
deny any (3 match(es))
Hey buddy.... i configure the same scenario in packet
tracer.. here i m pasting the the sh runing-config of routers -
***** Router 1 -
Current configuration : 652 bytes
!
output omitted
!
interface FastEthernet0/0
ip address 13.1.1.10 255.0.0.0
duplex auto
speed auto
!
interface Serial1/0
ip address 1.1.1.1 255.0.0.0
clock rate 128000
!
router rip
version 2
network 1.0.0.0
network 13.0.0.0
no auto-summary
!
ip classless
!!
end
**** Router 2 -
Building configuration...
Current configuration : 674 bytes
!
Output Omitted
!
interface FastEthernet0/0
ip address 12.1.1.10 255.0.0.0
duplex auto
speed auto
!
interface Serial1/0
ip address 1.1.1.2 255.0.0.0
!
interface Serial1/1
ip address 2.2.2.1 255.0.0.0
clock rate 128000
!
router rip
version 2
network 1.0.0.0
network 2.0.0.0
network 12.0.0.0
no auto-summary
!
ip classless
!!
end
****Router 3 -
Building configuration...
Current configuration : 748 bytes
!
Output Omitted
!
interface FastEthernet0/0
ip address 11.1.1.10 255.0.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.1.10 255.0.0.0
ip access-group 5 out
duplex auto
speed auto
!
interface Serial1/0
ip address 2.2.2.2 255.0.0.0
!
router rip
version 2
network 2.0.0.0
network 10.0.0.0
network 11.0.0.0
no auto-summary
!
ip classless
!
!
access-list 5 permit 12.0.0.0 0.255.255.255
access-list 5 deny any
!
!!
end
***** Outout from PC1 -
PC1>ping 10.1.1.1
Pinging 10.1.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.1.1.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Hey buddy, i tried my best to explain as simple as possible
& as much as accuracy. Hope this gonna help u to do the work.
Cheers & enjoy the sunday/Funday.... heheheh
| Is This Answer Correct ? | 1 Yes | 0 No |
HOW MPLS IS DIFFERENT FROM OSPF? WHY NOW A DAYS MPLS IS PREFERED OVER ANY NETWORK PROTOCOL?
The Physical layer works with which of the following: A.) Segments B.) Datagrams C.) Packets D.) Bits E.) Frames
Tell me which protocol called rapid protocol?
Can you explain in a generic manner the packet of IPSec?
What information is provided by the local management interface (LMI)? A.) LMI encapsulation type B.) The current DLCI values C.) The status of virtual circuits D.) The global or local significance of the DLCI values
In regards to the ISDN BRI standard, which channel is used for control? A.) B B.) D C.) E D.) I E.) Q
What is the command to allow you to type Tokyo instead of the IP address 172.16.30.1 to access a router named Tokyo? A.) config t, ip host Tokyo 172.16.30.1 B.) config t, ip hostname Tokyo 172.16.30.1 C.) config t, hostname Tokyo 172.16.30.1 D.) config t, ip hostname 172.16.30.1 Tokyo
Explain the difference between switch & hub?
Identify the keystroke to position the cursor to the beginning of a command line? A.) Ctrl-A B.) Ctrl-Ins C.) Ctrl-B D.) Ctrl-Z
What is the default switching method for the Cisco 5000 series? A.) Cut-through B.) Store-and-splice C.) Latency D.) Store-and-forward
What command can be used to test IPX connectivity? A.) Ping 2e.000.0045.8923 B.) Ping 192.168.100.1 C.) Ping ipx 2e.0000.0045.8923 D.) Ipx ping 2e.0000.0045.8923
What is difference between static and dynamic routing?
CCNA 
