Cisco Certified Network Associate 0 (ccna)


Date: 27.09.2023
CCNA 200-301 June 2023-v1.2

Note: Privilege level 15 is known as “enable mode” or “privileged exec mode,” and authorizes all commands by default.


Verification

First, find an IP address on Gw1 to telnet to, using the “show ip interface brief” command on Gw1. Suppose the IP address of e0/0 is 10.1.1.1. Try to telnet to Gw1 from PC1:

On HostA:


HostA:\> telnet 10.1.1.1 //The IP address may be different
Trying 10.1.1.1 …Open

User Access Verification
Username: wheel //Type “wheel” here
Password: ********* //Type “lock3path” here
Gw1# //telnet to Gw1 successfully


Task 2. Configure and apply a NACL on Gw1 to control network traffic from VLAN 10

To control traffic from VLAN 10 only, we first need to find the IP address range of this VLAN. We can check the IP configuration of HostA and HostC to find their IP addresses and subnet masks. For example, if they belong to 10.10.10.0/24, we permit only HTTPS and deny all other traffic from this subnet.




Note: Before it obtains an IP address through DHCP, the client only sends broadcast messages to the DHCP server, so we cannot specify a subnet to filter these packets. We should therefore use the keyword “any” for both the source and destination addresses.

On Gw1:


ip access-list extended CORP_ACL
 permit udp any any eq bootpc
 permit udp any any eq bootps
 permit tcp 10.10.10.0 0.0.0.255 any eq 443 //there is no "https" keyword so we have to use the port number
 deny ip 10.10.10.0 0.0.0.255 any log-input

interface e0/0
 ip access-group CORP_ACL in

This will permit DHCP client requests (bootpc) and server responses (bootps) from any source and destination address.


The “log-input” logs the following information: ingress interface, source MAC address, source IP address, destination IP address, source port, destination port.




Note: The “log” keyword simply generates a log message for a matching packet, without including any additional information. The “log-input” keyword, on the other hand, generates a log message that includes additional information about the packet, such as the interface it was received on, the source MAC address, and the source and destination IP addresses and ports. In summary, the “log” keyword generates a simple log message, while the “log-input” keyword provides more detailed information about the packet.
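The first-match evaluation of CORP_ACL, traced in Python as an added example that is not part of the original lab; the sample packets and the destination 192.0.2.10 are constructed. It goes slightly beyond the text by also showing the implicit deny that ends every ACL, which drops traffic from other subnets without the “log-input” entry ever matching.

```python
import ipaddress

PORTS = {"bootps": 67, "bootpc": 68}  # port keywords used in CORP_ACL
def ip(a):
    return int(ipaddress.IPv4Address(a))

def take_addr(tok, i):
    """Read 'any' or 'address wildcard' at tok[i]; return ((base, wildcard), next index)."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    return (ip(tok[i]), ip(tok[i + 1])), i + 2

def parse_ace(line):
    """Parse 'permit|deny proto src dst [eq port] [log-input]'."""
    tok = line.split()
    src, i = take_addr(tok, 2)
    dst, i = take_addr(tok, i)
    dport = None
    if i < len(tok) and tok[i] == "eq":  # 'eq' after the destination is the destination port
        dport = PORTS[tok[i + 1]] if tok[i + 1] in PORTS else int(tok[i + 1])
    return {"action": tok[0], "proto": tok[1], "src": src, "dst": dst,
            "dport": dport, "log": tok[-1] == "log-input"}

def addr_match(addr, net):
    base, wild = net  # wildcard bits set to 1 are "don't care"
    return (ip(addr) ^ base) & ~wild & 0xFFFFFFFF == 0

def evaluate(acl, proto, src, dst, dport):
    """Return (action, entry number, logged); the first matching entry wins."""
    for n, ace in enumerate(acl, 1):
        if (ace["proto"] in ("ip", proto) and ace["dport"] in (None, dport)
                and addr_match(src, ace["src"]) and addr_match(dst, ace["dst"])):
            return ace["action"], n, ace["log"]
    return "deny", None, False  # implicit deny ends every ACL and is not logged

CORP_ACL = [parse_ace(l) for l in """\
permit udp any any eq bootpc
permit udp any any eq bootps
permit tcp 10.10.10.0 0.0.0.255 any eq 443
deny ip 10.10.10.0 0.0.0.255 any log-input""".splitlines()]

# Constructed sample packets: (protocol, source, destination, destination port)
SAMPLES = [
    ("udp", "0.0.0.0", "255.255.255.255", 67),  # DHCP Discover, client has no address yet
    ("tcp", "10.10.10.5", "192.0.2.10", 443),   # HTTPS from VLAN 10
    ("tcp", "10.10.10.5", "192.0.2.10", 80),    # HTTP from VLAN 10
    ("tcp", "10.20.20.5", "192.0.2.10", 443),   # source outside 10.10.10.0/24
]
for pkt in SAMPLES:
    print(pkt, "->", evaluate(CORP_ACL, *pkt))
```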


