Acl Listas
Páginas: 11 (2639 palabras)
Publicado: 27 de mayo de 2012
RESOLUCION TRABAJO ACL´s
NOTA.- Las preguntas no sé si son mutuamente excluyentes, pero para efectos de resolución las he tratado como si fueran de menos a más. Para la A, solo he tomado esas consideraciones, para la B, esas, más las anteriores, y así sucesivamente:
PREGUNTA A (La pestaña de IOS Command Linterface Line, cuando se hace un copy paste al Word, sale con todos los errores que unoha tenido, así que he optado por hacer un copy solo al comando show access-lists, solo que no muestra la interface a la cual esta aplicada la ACL, entonces he copiado también la salida del comando show ip interface)
R1#show access-lists
Extended IP access list 110
permit tcp host 160.121.33.0 host 200.106.56.13 eq domain
permit tcp host 160.121.53.67 host 200.106.56.13 eq domainR1#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 160.121.32.1/19
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 110
R4#show access-lists
Extended IP access list 111permit tcp host 154.56.18.28 host 200.106.56.13 eq domain
permit tcp host 154.56.20.255 host 200.106.56.13 eq domain
R4#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 154.56.16.1/21
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding isdisabled
Outgoing access list is not set
Inbound access list is 111
R3#show access-lists
Extended IP access list 113
deny tcp 160.121.32.0 0.0.31.255 host 200.106.56.13 eq domain
deny tcp 154.56.16.0 0.0.7.255 host 200.106.56.13 eq domain
permit tcp any host 200.106.56.13
R3#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is200.106.56.2/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 113
Inbound access list is not set
PREGUNTA B
Aparte de las configuraciones anteriores, en adición van estas:
R1#show access-lists
Extended IP access list 110
permit tcp host160.121.33.0 host 200.106.56.13 eq domain
permit tcp host 160.121.53.67 host 200.106.56.13 eq domain
Extended IP access list 120
permit tcp host 160.121.53.67 host 200.106.56.13 eq www
R1#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 160.121.32.1/19
Broadcast address is 255.255.255.255
Address determined by setup command
MTUis 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 120 MUESTRA LA ULTIMA NO MAS (120), LA ANTERIOR (110) YA NO, SIN EMBARGO EN EL SHOW ACCESS-LISTS SI APARECEN LAS 2R4#show access-lists
Extended IP access list 111
permit tcp host 154.56.18.28 host 200.106.56.13 eq domain
permit tcp host 154.56.20.255 host 200.106.56.13 eq domain
Extended IP access list 121
permit tcp 154.56.16.0 0.0.7.255 host 200.106.56.13 eq www
R4#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 154.56.16.1/21
Broadcastaddress is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 121
NOTA.- Me parece que como en R3 ya existe una ACL anterior, ya no es necesario denegar el trafico al Web Server por este router ya que el deny implícito se encargara de denegar...
NOTA.- Las preguntas no sé si son mutuamente excluyentes, pero para efectos de resolución las he tratado como si fueran de menos a más. Para la A, solo he tomado esas consideraciones, para la B, esas, más las anteriores, y así sucesivamente:
PREGUNTA A (La pestaña de IOS Command Linterface Line, cuando se hace un copy paste al Word, sale con todos los errores que unoha tenido, así que he optado por hacer un copy solo al comando show access-lists, solo que no muestra la interface a la cual esta aplicada la ACL, entonces he copiado también la salida del comando show ip interface)
R1#show access-lists
Extended IP access list 110
permit tcp host 160.121.33.0 host 200.106.56.13 eq domain
permit tcp host 160.121.53.67 host 200.106.56.13 eq domainR1#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 160.121.32.1/19
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 110
R4#show access-lists
Extended IP access list 111permit tcp host 154.56.18.28 host 200.106.56.13 eq domain
permit tcp host 154.56.20.255 host 200.106.56.13 eq domain
R4#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 154.56.16.1/21
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding isdisabled
Outgoing access list is not set
Inbound access list is 111
R3#show access-lists
Extended IP access list 113
deny tcp 160.121.32.0 0.0.31.255 host 200.106.56.13 eq domain
deny tcp 154.56.16.0 0.0.7.255 host 200.106.56.13 eq domain
permit tcp any host 200.106.56.13
R3#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is200.106.56.2/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 113
Inbound access list is not set
PREGUNTA B
Aparte de las configuraciones anteriores, en adición van estas:
R1#show access-lists
Extended IP access list 110
permit tcp host160.121.33.0 host 200.106.56.13 eq domain
permit tcp host 160.121.53.67 host 200.106.56.13 eq domain
Extended IP access list 120
permit tcp host 160.121.53.67 host 200.106.56.13 eq www
R1#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 160.121.32.1/19
Broadcast address is 255.255.255.255
Address determined by setup command
MTUis 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 120 MUESTRA LA ULTIMA NO MAS (120), LA ANTERIOR (110) YA NO, SIN EMBARGO EN EL SHOW ACCESS-LISTS SI APARECEN LAS 2R4#show access-lists
Extended IP access list 111
permit tcp host 154.56.18.28 host 200.106.56.13 eq domain
permit tcp host 154.56.20.255 host 200.106.56.13 eq domain
Extended IP access list 121
permit tcp 154.56.16.0 0.0.7.255 host 200.106.56.13 eq www
R4#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 154.56.16.1/21
Broadcastaddress is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 121
NOTA.- Me parece que como en R3 ya existe una ACL anterior, ya no es necesario denegar el trafico al Web Server por este router ya que el deny implícito se encargara de denegar...
Leer documento completo
Regístrate para leer el documento completo.