135 - 238 CCNA 2: Routers and Routing Basics v3.1 Instructor Guide – Case Study
Copyright
©
2004, Cisco Systems, Inc.
Phase 4: Access Control Lists
While testing the network, the team leader discovers that security has not been planned for the
network. If the network configuration were installed as designed, any network user would be
able to access all network devices and workstations.
The team leader asks the technician to add access control lists (ACLs) to the routers. The
team leader has some suggestions for developing the security. Before the ACLs are added,
backup the current router configuration. Also, make sure there is complete connectivity
throughout the network before any of the ACLs are applied.
The following conditions must be taken into consideration when creating the ACLs:
•
Workstation 2 and File Server 1 are on the management network. Any device on the
management network can access any other device on the entire network.
•
Workstations on Eva and Boaz LANs are not permitted outside of their subnet except
to access File Server 1.
•
Each router can telnet to the other routers and access any device on the network.
The team lead asks the technician to write down a short summary of the purpose of each ACL,
the interfaces upon which they will be applied, and the direction of the traffic. Then list the
exact commands that will be used to create and apply the ACLs to the router interfaces.
Before the ACLs are configured on the routers, review each of the following test conditions
and make sure that the ACLs will perform as expected:
Telnet from Boaz to Eva
SUCCESSFUL
Telnet from Workstation 4 to Eva
BLOCKED
TELNET from Workstation 5 to Boaz
BLOCKED
TELNET from Workstation 2 to Boaz
SUCCESSFUL
TELNET from Workstation 2 to Eva
SUCCESSFUL
Ping from Workstation 5 to File Server 1
SUCCESSFUL
Ping from Workstation 3 to File Server 1
SUCCESSFUL
Ping from Workstation 3 to Workstation 4
SUCCESSFUL
Ping from Workstation 5 to Workstation 6
SUCCESSFUL
Ping from Workstation 3 to Workstation 5
BLOCKED
Ping from Workstation 2 to Workstation 5
SUCCESSFUL
Ping from Workstation 2 to Workstation 3
SUCCESSFUL
Ping from Router Eva to Workstation 3
SUCCESSFUL
Ping from Router Boaz to Workstation 5
SUCCESSFUL