ACL - Telnet Restriction with Configuration

What is ACL?

An Access Control List (ACL) is a set of rules that is usually used to filter network traffic. ACLs can be configured on network devices with packet-filtering capabilities, such as routers and firewalls.

ACLs contain a list of conditions that categorize packets and help you determine when to allow or deny network traffic. They are applied on a per-interface basis to packets leaving or entering an interface.


  • 172.16.0.0 /20  

Requirements:

  • DHCP Server

  • Telnet Server

  • PC-1 will access only the Web server; no other host will access the Web server

  • PC-4 will access only the FTP server; no other host will access the FTP server

  • The left-side LAN will not access the Telnet server

Figure:





Interface Configuration:


R-1

Router(config)#interface gigabitEthernet 0/0

Router(config-if)#ip address 172.16.1.161 255.255.255.224

Router(config-if)#no sh

Router(config-if)#exit 

Router(config)#interface gigabitEthernet 0/1

Router(config-if)#ip address 172.16.1.129 255.255.255.224

Router(config-if)#no sh

Router(config-if)#exit 

Router(config)#interface gigabitEthernet 0/2

Router(config-if)#ip address 172.16.1.197 255.255.255.252

Router(config-if)#no sh

Router(config-if)#exit


R-2

Router(config)#interface gigabitEthernet 0/0

Router(config-if)#ip address 172.16.1.162 255.255.255.224

Router(config-if)#no sh

Router(config-if)#exit 

Router(config)#interface gigabitEthernet 0/1

Router(config-if)#ip address 172.16.1.193 255.255.255.252

Router(config-if)#no sh

Router(config-if)#exit 

Router(config)#interface gigabitEthernet 0/2

Router(config-if)#ip address 172.16.1.1 255.255.255.128

Router(config-if)#no sh

Router(config-if)#exit 



R-3

Router(config)#interface gigabitEthernet 0/0

Router(config-if)#ip address 172.16.1.130 255.255.255.224

Router(config-if)#no sh

Router(config-if)#exit 

Router(config)#interface gigabitEthernet 0/1

Router(config-if)#ip add 172.16.1.194 255.255.255.252

Router(config-if)#no sh

Router(config-if)#exit 

Router(config)#interface gigabitEthernet 0/2

Router(config-if)#ip add 172.16.0.1 255.255.255.0

Router(config-if)#no sh

Router(config-if)#exit 



DHCP Configuration:


R-2

Router(config)#ip dhcp pool Left

Router(dhcp-config)#network 172.16.1.0 255.255.255.128

Router(dhcp-config)#default-router 172.16.1.1

Router(dhcp-config)#dns-server 8.8.8.8

Router(dhcp-config)#exit 

Router(config)#


R-3

Router(config)#ip dhcp pool Right

Router(dhcp-config)#network 172.16.0.0 255.255.255.0

Router(dhcp-config)#default-router 172.16.0.1

Router(dhcp-config)#dns-server 8.8.8.8

Router(dhcp-config)#exit


Telnet Configuration:


R-1

Router(config)#line vty 0 2

Router(config-line)#login local

Router(config-line)#exit

Router(config)#username user1 password user1

Router(config)#username user2 password user2


OSPF Configuration:

R-1

Router(config)#router ospf 1

Router(config-router)#network 172.16.1.196 0.0.0.3 area 0

Router(config-router)#network 172.16.1.160 0.0.0.31 area 0

Router(config-router)#network 172.16.1.128 0.0.0.31 area 0



R-2

Router(config)#router ospf 1

Router(config-router)#network 172.16.1.160 0.0.0.31 area 0

Router(config-router)#network 172.16.1.0 0.0.0.127 area 0

Router(config-router)#network 172.16.1.192 0.0.0.3 area 0


R-3

Router(config)#router ospf 1

Router(config-router)#network 172.16.1.128 0.0.0.31 area 0

Router(config-router)#network 172.16.1.192 0.0.0.3 area 0

Router(config-router)#network 172.16.0.0 0.0.0.255 area 0



Server Configuration:


🡺 First, we have to give the server an IP address.


🡺 Second, we need to create an FTP service:



ACL Configuration to Restrict Web & FTP Server Access:


R-1

Router(config)#access-list 100 permit tcp host 172.16.1.2 host 172.16.1.198 eq 80

Router(config)#access-list 100 permit tcp host 172.16.0.3 host 172.16.1.198 eq 20

Router(config)#access-list 100 permit tcp host 172.16.0.3 host 172.16.1.198 eq 21

Router(config)#

Router(config)#interface gigabitEthernet 0/2

Router(config-if)#ip access-group 100 out

Router(config-if)#exit


Telnet Restriction Configuration:


R-2

Router(config)#access-list 100 deny tcp 172.16.1.0 0.0.0.127 host 172.16.1.161 eq 23

Router(config)#access-list 100 permit tcp any any

Router(config)#

Router(config)#interface gigabitEthernet 0/2

Router(config-if)#ip access-group 100 in

Router(config-if)#exit
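
Both access lists above are evaluated top-down: the first matching entry wins, and a packet that matches nothing hits the implicit deny. The Python sketch below is an added example, not part of the original post; it replays the two lists as typed above against a few constructed packets to check them against the requirements. The function names are hypothetical, and matching is simplified to protocol, source, destination and a destination `eq` port.

```python
import ipaddress

R1_ACL = [  # both lists are exactly as typed in the post
    "access-list 100 permit tcp host 172.16.1.2 host 172.16.1.198 eq 80",
    "access-list 100 permit tcp host 172.16.0.3 host 172.16.1.198 eq 20",
    "access-list 100 permit tcp host 172.16.0.3 host 172.16.1.198 eq 21",
]
R2_ACL = [
    "access-list 100 deny tcp 172.16.1.0 0.0.0.127 host 172.16.1.161 eq 23",
    "access-list 100 permit tcp any any",
]

def ip(addr):
    return int(ipaddress.ip_address(addr))

def spec(tok):  # consume one address spec -> ((base, wildcard), remaining tokens)
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (ip(tok[1]), 0), tok[2:]
    return (ip(tok[0]), ip(tok[1])), tok[2:]

def parse_ace(line):  # 'access-list N permit|deny PROTO SRC DST [eq PORT]'
    action, proto, *rest = line.split()[2:]
    src, rest = spec(rest)
    dst, rest = spec(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def matches(addr_spec, addr):
    base, wildcard = addr_spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (ip(addr) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; no match means the implicit deny."""
    for action, p, s, d, port in map(parse_ace, acl):
        hit = p in ("ip", proto) and matches(s, src) and matches(d, dst)
        if hit and port in (None, dport):
            return action
    return "implicit deny"

def audit():
    return [  # constructed packets: PC-1 = 172.16.1.2, PC-4 = 172.16.0.3
        evaluate(R2_ACL, "tcp", "172.16.1.2", "172.16.1.161", 23),
        evaluate(R2_ACL, "tcp", "172.16.1.2", "172.16.1.129", 23),
        evaluate(R2_ACL, "udp", "172.16.1.2", "8.8.8.8", 53),
        evaluate(R1_ACL, "tcp", "172.16.0.3", "172.16.1.198", 80),
    ]
```

The result shows that the R-2 list blocks Telnet only to 172.16.1.161: the same left-side host is permitted to R-1's other address 172.16.1.129, and its UDP traffic hits the implicit deny because only TCP is permitted. Restricting the vty lines on R-1 with `access-class` would cover every address of the Telnet server.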



END


