
CCNA Complete Guide 2nd Edition.pdf - Cisco Learning Home


[Figure: Complex ACL network. Router RT1 with interfaces S0, Fa0 and Fa1; the HR Network (11.11.11.1/24) is attached to Fa1.]

Figure A6-13: Sample Complex ACL Network

- The user requirement for the sample network above is to deny all access (Microsoft file sharing, Remote Desktop, ICMP ping, etc.) from the PCs in VLAN 11, 12, and 13 to the PCs in the HR Network.

- Below is a sample solution that applies an inbound access list to the RT1 Fa1 interface:

! Applied inbound on Fa1 (the HR network side): every entry matches packets
! sourced from 11.11.11.0/24, and "eq <port>" is a source-port match, i.e.
! the replies sent by the HR hosts back to the PCs in VLAN 11, 12 and 13.
! --- Replies to VLAN 11 (10.10.11.0/24) ---
access-list 101 deny tcp 11.11.11.0 0.0.0.255 eq 135 10.10.11.0 0.0.0.255
access-list 101 deny tcp 11.11.11.0 0.0.0.255 eq 139 10.10.11.0 0.0.0.255
access-list 101 deny tcp 11.11.11.0 0.0.0.255 eq 445 10.10.11.0 0.0.0.255
access-list 101 deny udp 11.11.11.0 0.0.0.255 eq 137 10.10.11.0 0.0.0.255
access-list 101 deny udp 11.11.11.0 0.0.0.255 eq 138 10.10.11.0 0.0.0.255
access-list 101 deny tcp 11.11.11.0 0.0.0.255 eq 3389 10.10.11.0 0.0.0.255
access-list 101 deny icmp 11.11.11.0 0.0.0.255 10.10.11.0 0.0.0.255 echo-reply
! --- Replies to VLAN 12 (10.10.12.0/24) ---
access-list 101 deny tcp 11.11.11.0 0.0.0.255 eq 135 10.10.12.0 0.0.0.255
access-list 101 deny tcp 11.11.11.0 0.0.0.255 eq 139 10.10.12.0 0.0.0.255
access-list 101 deny tcp 11.11.11.0 0.0.0.255 eq 445 10.10.12.0 0.0.0.255
access-list 101 deny udp 11.11.11.0 0.0.0.255 eq 137 10.10.12.0 0.0.0.255
access-list 101 deny udp 11.11.11.0 0.0.0.255 eq 138 10.10.12.0 0.0.0.255
access-list 101 deny tcp 11.11.11.0 0.0.0.255 eq 3389 10.10.12.0 0.0.0.255
access-list 101 deny icmp 11.11.11.0 0.0.0.255 10.10.12.0 0.0.0.255 echo-reply
! --- Replies to VLAN 13 (10.10.13.0/24) ---
access-list 101 deny tcp 11.11.11.0 0.0.0.255 eq 135 10.10.13.0 0.0.0.255
access-list 101 deny tcp 11.11.11.0 0.0.0.255 eq 139 10.10.13.0 0.0.0.255
access-list 101 deny tcp 11.11.11.0 0.0.0.255 eq 445 10.10.13.0 0.0.0.255
access-list 101 deny udp 11.11.11.0 0.0.0.255 eq 137 10.10.13.0 0.0.0.255
access-list 101 deny udp 11.11.11.0 0.0.0.255 eq 138 10.10.13.0 0.0.0.255
access-list 101 deny tcp 11.11.11.0 0.0.0.255 eq 3389 10.10.13.0 0.0.0.255
access-list 101 deny icmp 11.11.11.0 0.0.0.255 10.10.13.0 0.0.0.255 echo-reply
! --- Everything else is allowed (overrides the implicit deny) ---
access-list 101 permit ip any any
!
interface FastEthernet1
 ip address 11.11.11.1 255.255.255.0
 ip access-group 101 in
!
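To check what access-list 101 actually does once it is bound inbound on Fa1, here is an added example that is not part of the guide: a small Python parser for the subset of extended numbered ACL syntax used above (tcp/udp/icmp/ip, wildcard masks, `eq <port>` on the source or destination, an optional ICMP type keyword, `any`), a first-match evaluator with the implicit deny, and a model of the placement of the list. The sample hosts 10.10.11.50 and 11.11.11.20 and the ephemeral ports are constructed; the assumption that 11.11.11.0/24 is the only network behind Fa1 comes from the figure. Because the list sits on the HR side, only packets sourced from the HR network are examined, and each `eq` is a source-port match, so what gets dropped is the reply half of each session (SYN-ACKs from ports 445 and 3389, the echo-replies), which is enough to defeat the connection. The demo also makes visible two things the text leaves implicit: services not listed (TCP 80 here) still work, and HR hosts can still initiate connections towards the VLANs, since the requirement only covers the VLAN-to-HR direction.

```python
"""Added example (not from the CCNA guide): parse the page's access-list 101 and
evaluate constructed sample packets against it, modelling that the list is
applied inbound on RT1 Fa1, the HR-network side of the router."""
import ipaddress
from collections import namedtuple

# The page's list: three identical blocks (one per VLAN destination), then permit any.
BLOCK_VLAN11 = """\
access-list 101 deny tcp 11.11.11.0 0.0.0.255 eq 135 10.10.11.0 0.0.0.255
access-list 101 deny tcp 11.11.11.0 0.0.0.255 eq 139 10.10.11.0 0.0.0.255
access-list 101 deny tcp 11.11.11.0 0.0.0.255 eq 445 10.10.11.0 0.0.0.255
access-list 101 deny udp 11.11.11.0 0.0.0.255 eq 137 10.10.11.0 0.0.0.255
access-list 101 deny udp 11.11.11.0 0.0.0.255 eq 138 10.10.11.0 0.0.0.255
access-list 101 deny tcp 11.11.11.0 0.0.0.255 eq 3389 10.10.11.0 0.0.0.255
access-list 101 deny icmp 11.11.11.0 0.0.0.255 10.10.11.0 0.0.0.255 echo-reply
"""
ACL_101_TEXT = (BLOCK_VLAN11 + BLOCK_VLAN11.replace("10.10.11.", "10.10.12.")
                + BLOCK_VLAN11.replace("10.10.11.", "10.10.13.")
                + "access-list 101 permit ip any any\n")
HR_NET = ipaddress.ip_network("11.11.11.0/24")  # the network behind Fa1 (assumed from the figure)

# src/dst are (address, wildcard) integer pairs; ports and icmp_type are None when absent.
Rule = namedtuple("Rule", "action proto src src_port dst dst_port icmp_type")
Packet = namedtuple("Packet", "proto src dst sport dport icmp_type", defaults=(None, None, None))


def _ip(s):
    return int(ipaddress.IPv4Address(s))


def _addr(tokens):
    """Consume 'any' or '<address> <wildcard>' and return both as ints."""
    tok = tokens.pop(0)
    return (0, 0xFFFFFFFF) if tok == "any" else (_ip(tok), _ip(tokens.pop(0)))


def _port(tokens):
    """Consume an optional 'eq <port>' qualifier."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        return int(tokens.pop(0))
    return None


def parse_acl(text):
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "access-list":
            continue  # skip blank lines and '!' separators
        _, _number, action, proto, *rest = tokens
        src, src_port = _addr(rest), _port(rest)   # left-to-right: address first, then eq
        dst, dst_port = _addr(rest), _port(rest)
        rules.append(Rule(action, proto, src, src_port, dst, dst_port, rest.pop(0) if rest else None))
    return rules


def _wc_match(addr, net_wc):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    net, wc = net_wc
    care = ~wc & 0xFFFFFFFF
    return addr & care == net & care


def evaluate(rules, pkt):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for r in rules:
        if (r.proto in ("ip", pkt.proto)
                and _wc_match(_ip(pkt.src), r.src) and _wc_match(_ip(pkt.dst), r.dst)
                and r.src_port in (None, pkt.sport) and r.dst_port in (None, pkt.dport)
                and r.icmp_type in (None, pkt.icmp_type)):
            return r.action
    return "deny"


def verdict(rules, pkt):
    """ACL 101 is bound inbound on Fa1, so only packets entering RT1 from the HR
    network are checked; packets arriving from the VLAN side never see it."""
    return evaluate(rules, pkt) if ipaddress.IPv4Address(pkt.src) in HR_NET else "permit"


def session_works(rules, request, reply):
    """A session succeeds only if both the request and its reply get through RT1."""
    return verdict(rules, request) == "permit" and verdict(rules, reply) == "permit"


def demo():
    rules = parse_acl(ACL_101_TEXT)
    pc, hr = "10.10.11.50", "11.11.11.20"  # constructed sample hosts

    def tcp(src, sport, dst, dport):
        return Packet("tcp", src, dst, sport, dport)

    return {
        "smb from VLAN 11 to HR": session_works(rules, tcp(pc, 51000, hr, 445), tcp(hr, 445, pc, 51000)),
        "rdp from VLAN 11 to HR": session_works(rules, tcp(pc, 51001, hr, 3389), tcp(hr, 3389, pc, 51001)),
        "ping from VLAN 11 to HR": session_works(rules, Packet("icmp", pc, hr, icmp_type="echo"),
                                                 Packet("icmp", hr, pc, icmp_type="echo-reply")),
        "http from VLAN 11 to HR": session_works(rules, tcp(pc, 51002, hr, 80), tcp(hr, 80, pc, 51002)),
        "smb from HR to VLAN 11": session_works(rules, tcp(hr, 40000, pc, 445), tcp(pc, 445, hr, 40000)),
    }
```

Running `demo()` reports the SMB, RDP and ping sessions from VLAN 11 as blocked (their replies are dropped on Fa1) and the HTTP session and the HR-initiated SMB session as working; the model treats a session as blocked as soon as either direction is dropped, which is the effect a user sees when a TCP handshake never completes.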


[Figure A6-13 VLAN labels: VLAN 11 – 10.10.11.1/24; VLAN 12 – 10.10.12.1/24; VLAN 13 – 10.10.13.1/24]

Copyright © 2008 Yap Chin Hoong

yapchinhoong@hotmail.com
