Telematica 2010/2011

Test ACL
Gianluca Massei masseigianluca@gmail.com www.dibet.unina.it/gianluca.massei

Presentazione parzialmente tratta da: TestKing CCNA

Test ACL 1
On the Hong Kong router an access list is needed that will accomplish the following: 1. Allow a Telnet connection to the HR Server through the Internet 2. Allow internet HTTP traffic to access the webserver 3. Block any other traffic from the internet to everything else Hong Kong(config)# access-list 101 permit tcp any host 172.17.17.252 eq 23 Hong Kong(config)# access-list 101 permit tcp any host 172.17.18.252 eq 80
Test ACL 2

Test ACL 2
An access list was created in order to prevent students and outsiders on the internet from changing student files in the Records Server, while still allowing other departments in the 172.16.0.0/16. The access control list was applied to the e0 interface of the R3 router going outbound.

R3(config)# access-list 101 deny ip 172.16.62.0 0.0.0.255 host 172.16.64.254 R3(config)# access-list 101 permit ip 172.16.0.0 0.0.255.255 host 172.16.64.254

Test ACL

Test ACL 3
Which statement will deny all telnet connections to subnet 10.10.1.0/24? R(config)# access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23

Test ACL

Test ACL 4
An access list needs to be implemented that will block users from the Graphics Department from Telnetting to the HR Server, and this list is to be implemented on the Ethernet 0 interface of the Westfield router for the inbound direction. All other office communications should be allowed. Westfield(config)# access-list 101 deny tcp 192.168.16.0 0.0.0.255 host 192.168.17.252 eq 23 Westfield(config)# access-list 101 permit ip any any

Test ACL

Test ACL 5
In order to prevent the Web Server from receiving telnet traffic from the Graphics Dept. users, an access is created denying this traffic. On which router, which interface and in which direction should you place the access list for maximum efficiency?

R1 Router

Ethernet 0

in

Test ACL

Test ACL 6
The following access list below was applied outbound on the E0 interface connected to the 192.169.1.8/29 LAN: access-list 135 deny tcp 192.169.1.8 0.0.0.7 any eq 20 access-list 135 deny tcp 192.169.1.8 0.0.0.7 any eq 21 How will the above access lists affect traffic?

All traffic exiting E0 will be denied.

Test ACL

Test ACL 7

The network administrator wants to prevent computers on the 192.168.23.64/26 subnet from accessing the 192.168.23.128/26 subnet via HTTP. All other hosts should be allowed to access. Router(config)# access-list 101 deny tcp 192.168.23.64 0.0.0.63 192.168.23.128 0.0.0.63 eq 80 Router(config)# access-list 101 permit ip any any Router(config)# interface fa0/0 Router(config-if)# ip access-group 101 in

Test ACL

Test ACL 8
A network is subnetted using 29 bits for the subnet mask. Which wild card mask should be used to configure an extended access list to permit or deny access to an entire subnetwork?

0.0.0.7

Test ACL

Test ACL 9

An access list was written with the four statements shown in the graphic. Which single access list statement will combine all four of these statements into a single statements that will have exactly the same effect? access-list 10 permit 172.29.16.0 0.0.3.255

Test ACL

10

Test ACL 10
You need to place an access list on the Fa0/0 interface of HOME router that will deny access to all hosts that lie within the range 192.168.160.0 192.168.191.0.

HOME(config)# access-list 1 deny 192.168.160.0 0.0.31.255

Test ACL

11