Scribd Logo
Upload

Welcome to Scribd!

  • Acl Router A

    Uploaded by

    Karito
    14 views4 pages
    configuración de ACL

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    configuración de ACL

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    14 views4 pages

    Acl Router A

    Uploaded by

    Karito
    configuración de ACL

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    GRUPO1

    1.
    Permitir el acceso al host .100 al servicio http y
    denegar el resto de servicios para este host.
    Router RB
    Configure terminal
    access-list 101 permit tcp 186.33.0.25 0.0.0.0 186.33.0.100 0.0.0.0 eq 80
    access-list 101 deny ip 186.33.0.24 0.0.0.0 186.33.0.100 0.0.0.0
    access-list 101 deny ip 186.33.0.23 0.0.0.0 186.33.0.100 0.0.0.0
    access-list 101 deny ip 186.33.0.22 0.0.0.0 186.33.0.100 0.0.0.0
    access-list 101 deny ip 186.33.0.21 0.0.0.0 186.33.0.100 0.0.0.0
    access-list 101 deny ip 186.33.0.64 0.0.0.31 186.33.0.100 0.0.0.0
    access-list 101 permit ip any any
    interface Gig0/0
    ip access-group 101 out
    2.- Permitir el acceso a todo los servicios al host .135
    excepto a los servicios red/26 que al servidor POP3 lo utilice
    como descarga y a SMTP2 para envi.
    Router RC
    no access-list 120 permit ip any any
    access-list 101 permit tcp 186.33.0.101 0.0.0.0 186.33.0.135 0.0.0.0
    access-list 101 permit tcp 186.33.0.23 0.0.0.0 186.33.0.135 0.0.0.0
    access-list 101 deny ip 186.33.0.25 0.0.0.0 186.33.0.135 0.0.0.0
    access-list 101 deny ip 186.33.0.26 0.0.0.0 186.33.0.135 0.0.0.0
    access-list 101 deny ip 186.33.0.24 0.0.0.0 186.33.0.135 0.0.0.0
    access-list 101 deny ip 186.33.0.21 0.0.0.0 186.33.0.135 0.0.0.0
    access-list 101 deny ip 186.33.0.20 0.0.0.0 186.33.0.135 0.0.0.0
    access-list 101 permit ip any any
    interface Gig0/1
    ip access-group 101 out
    GRUPO2
    2.
    Al host .20 denegar el servicio de vpn y permitir el acceso al resto de
    la red.
    ROUTER RC
    access-list 101 deny ip 186.33.0.161 0.0.0.0 186.33.0.20 0.0.0.0
    access-list 101 deny ip 186.33.0.71 0.0.0.0 186.33.0.20 0.0.0.0
    access-list 101 deny ip 0.0.0.0 0.0.0.0 186.33.0.20 0.0.0.0
    access-list 101 permit ip any any
    interface Gig0/0
    ip access-group 101 out

    3.
    A la Pc .100 Permitir el acceso al servidor vpn y
    denegar el acceso al resto de la red.
    ROUTER RB
    no access-list 101 permit ip any any
    interface Gig0/0
    no ip access-group 101 out
    access-list
    access-list
    access-list
    access-list

    101
    101
    101
    101

    permit ip 186.33.0.161 0.0.0.0 186.33.0.100 0.0.0.0


    permit ip 186.33.0.71 0.0.0.0 186.33.0.100 0.0.0.0
    permit ip 0.0.0.0 0.0.0.0 186.33.0.20 0.0.0.0
    deny ip 186.33.0.101 0.0.0.31 186.33.0.100 0.0.0.0

    access-list 101 deny ip 186.33.0.66 0.0.0.31 186.33.0.100 0.0.0.0


    access-list 101 deny ip 186.33.0.67 0.0.0.31 186.33.0.100 0.0.0.0
    access-list 101 deny ip 186.33.0.70 0.0.0.31 186.33.0.100 0.0.0.0
    access-list 101 deny ip 186.33.0.75 0.0.0.31 186.33.0.100 0.0.0.0
    access-list 101 deny ip 186.33.0.76 0.0.0.31 186.33.0.100 0.0.0.0
    access-list 101 deny ip 186.33.0.128 0.0.0.31 186.33.0.100 0.0.0.0
    access-list 101 deny ip 186.33.0.0 0.0.0.63 186.33.0.100 0.0.0.0
    access-list 101 permit ip any any
    interface Gig0/0
    ip access-group 101 out
    SENTENCIAS

    GRUPO # 3

    4.Permitir el acceso del host .20 y el host .100


    hacia el servicio de voz ip y denegar el acceso al servicio
    al resto de las subredes que contienen a los 2 host previamente
    enunciados (0.0) /26y (.97)/27
    ROUTER RB
    access-list 101 permit tcp 186.33.0.66 0.0.0.0 186.33.0.100 0.0.0.0 eq 2000
    access-list 101 permit tcp 186.33.0.67 0.0.0.0 186.33.0.100 0.0.0.0 eq 2000
    access-list 101 deny tcp 186.33.0.66 0.0.0.0 186.33.0.101 0.0.0.0 eq 2000
    access-list 101 deny tcp 186.33.0.67 0.0.0.0 186.33.0.101 0.0.0.0 eq 2000
    access-list 101 permit ip any 186.33.0.100 0.0.0.0
    interface Gig0/0
    ip access-group 101 out
    ROUTER RC
    access-list 114 permit ip any any
    interface Gig0/0
    ip access-group 114 out
    access-list 101 permit tcp 186.33.0.66 0.0.0.0 186.33.0.20 0.0.0.0 eq 2000
    access-list 101 permit tcp 186.33.0.67 0.0.0.0 186.33.0.20 0.0.0.0 eq 2000
    access-list 101 deny tcp 186.33.0.66 0.0.0.0 186.33.0.21 0.0.0.0 eq 2000
    access-list 101 deny tcp 186.33.0.67 0.0.0.0 186.33.0.21 0.0.0.0 eq 2000
    access-list 101 deny tcp 186.33.0.66 0.0.0.0 186.33.0.22 0.0.0.0 eq 2000
    access-list 101 deny tcp 186.33.0.67 0.0.0.0 186.33.0.22 0.0.0.0 eq 2000
    access-list 101 deny tcp 186.33.0.66 0.0.0.0 186.33.0.23 0.0.0.0 eq 2000
    access-list 101 deny tcp 186.33.0.67 0.0.0.0 186.33.0.23 0.0.0.0 eq 2000
    access-list 101 deny tcp 186.33.0.66 0.0.0.0 186.33.0.24 0.0.0.0 eq 2000
    access-list 101 deny tcp 186.33.0.67 0.0.0.0 186.33.0.24 0.0.0.0 eq 2000
    access-list 101 deny tcp 186.33.0.66 0.0.0.0 186.33.0.25 0.0.0.0 eq 2000
    access-list 101 deny tcp 186.33.0.67 0.0.0.0 186.33.0.25 0.0.0.0 eq 2000
    access-list 101 deny tcp 186.33.0.66 0.0.0.0 186.33.0.26 0.0.0.0 eq 2000
    access-list 101 deny tcp 186.33.0.67 0.0.0.0 186.33.0.26 0.0.0.0 eq 2000
    access-list 101 permit ip any 186.33.0.20 0.0.0.0
    interface Gig0/0
    ip access-group 101 out
    5.
    Denegar el acceso del host 186.33.0.100 al servidor DNS
    y al host 186.33.0.69, permitiendo acceso al servicio en el
    resto de la red.
    ROUTER RB
    access-list 101 deny tcp 186.33.0.22 0.0.0.0 186.33.0.100 0.0.0.0 eq 53
    access-list 101 deny udp 186.33.0.22 0.0.0.0 186.33.0.100 0.0.0.0 eq 53
    access-list 101 deny tcp 186.33.0.22 0.0.0.0 186.33.0.69 0.0.0.0 eq 53

    access-list 101 deny udp 186.33.0.22 0.0.0.0 186.33.0.69 0.0.0.0 eq 53


    access-list 101 permit ip any any
    interface se0/0/1
    ip access group 101 out
    SENTENCIAS GRUPO # 4
    6.
    Permitir a un porcentaje de host de la red 186.33.0.64/27
    acceder al servidor SMTP1 y al resto de host de la misma red permitir
    el acceso al servidor SMTP2.
    Router RA
    access-list 101 permit tcp 186.33.0.23 0.0.0.0 186.33.0.75 0.0.0.0
    access-list 101 permit tcp 186.33.0.101 0.0.0.0 186.33.0.64 0.0.0.31
    access-list 101 permit ip any any
    interface fa0/0
    ip access-group 101 out
    7.
    Permitir a un porcentaje de host de la red 186.33.0.128/27
    acceder al servidor SMTP2 y al resto de host de la misma red permitir
    el acceso al servidor SMTP1.
    ROUTER RC
    access-list permit ip any any
    access-list 101 permit tcp 186.33.0.101 0.0.0.0 186.33.0.128 0.0.0.31
    access-list 101 permit tcp 186.33.0.23 0.0.0.0 186.33.0.128 0.0.0.31
    access-list 101 permit ip any any
    interface Gig0/0
    ip access group 101 out
    SENTENCIAS GRUPO #5
    8.Denegar el acceso al host 186.33.0.100/27 el servicio SMTP2 y
    permitir el resto de la red.
    Router RB *
    access-list 101 deny tcp 186.33.0.101 0.0.0.0 186.33.0.100 0.0.0.0
    access-list 101 deny ip any any
    interface Gig0/0
    ip access-group 101 in
    9. A los host de la red .96 permitir hacer ssh al router A y C,
    el resto de los host no lo pueden hacer.
    ROUTER RB *
    access-list 101 permit tcp 186.33.0.161 0.0.0.0 186.33.0.100 0.0.0.0
    access-list 101 permit ip any 186.33.0.100 0.0.0.0
    interface Gig0/0
    ip access-group 101 out
    SENTENCIAS GRUPO #6
    10.
    Denegar el acceso al host Pc2: .69 el acceso al servicio de VPN
    y FTP y permitir al resto de la red.
    ROUTER RA
    access-list 101
    access-list 101
    access-list 101
    access-list 101
    interface Fa0/0
    ip access-group
    11.

    deny ip 186.33.0.21 0.0.0.0 186.33.0.69 0.0.0.0


    deny ip 186.33.0.65 0.0.0.0 186.33.0.69 0.0.0.0
    deny ip 0.0.0.0 0.0.0.0 186.33.0.69 0.0.0.0
    permit ip any any
    101 out

    Denegar el acceso al host Pc1:.100 el servicio DNS y

    web, y permitir el acceso a los servidores del router RC.


    ROUTER RB *
    access-list 101 permit ip 186.33.0.24 0.0.0.0 186.33.0.100 0.0.0.0
    access-list 101 permit ip 186.33.0.23 0.0.0.0 186.33.0.100 0.0.0.0
    access-list 101 permit ip 186.33.0.21 0.0.0.0 186.33.0.100 0.0.0.0
    access-list 101 deny ip 186.33.0.22 0.0.0.0 186.33.0.100 0.0.0.0
    access-list 101 deny ip 186.33.0.25 0.0.0.0 186.33.0.100 0.0.0.0
    Access-list 101 permit ip any any
    interface Gig0/0
    ip access-group 101 out

    SENTENCIAS GRUPO #7
    12.
    Denegar el acceso de la PC2 (cualquier ip valida) al
    servidor FTP y permitir a los dems host de la red acceder al mismo
    ROUTER RA
    access-list 101 deny ip 186.33.0.21 0.0.0.0 186.33.0.69 0.0.0.0
    access-list 101 permit ip any any
    interface Fa0/0
    ip access-group 101 out
    13.
    Permitir que el host .100 tenga acceso al servidor FTP y
    no tenga acceso a los dems servicios.
    Router RB*
    Configure terminal
    access-list 101 permit ip 186.33.0.21 0.0.0.0 186.33.0.100 0.0.0.0
    access-list 101 permit ip any any
    interface Gig0/0
    ip access-group 101 out

    You might also like