
Department of Electrical Engineering

EE-462 Computer Networks Lab

Lab Report: 13
ACCESS CONTROL LISTS (ACL)

Name: Ahsan Riaz


Roll Number: 140967
Class: BEE-VIII-D

Submitted To: Engr. Aqib Khan


ACCESS CONTROL LISTS (ACL)

Objective
In this lab we work with access control lists. This means that we
permit or restrict access to a certain network, or to a certain PC in a certain network, as desired.
Introduction

In this section, we work with access control lists. ACLs define rules that can be used to
restrict packets from travelling across networks according to our choice. There are two types:
the standard ACL (1-99), which is only used to block or permit networks, and the
extended ACL (99-100), which is used to block or permit hosts from communicating with other
hosts or networks.

PROCEDURE

STEP 1: First of all, place three routers, nine PCs and three switches in the software. Assign an IP
address and a gateway to each PC as done in previous labs. All commands are shown
below. We configure the restriction on Router 0 so that host 192.168.30.3 cannot
communicate with the entire 192.168.60.0 network, and then choose the inbound or outbound interface
on that specific router.

FOR ROUTER 0:

Router>enable

Router#
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int se 0/0/0
Router(config-if)#ip address 192.168.20.1 255.255.255.0
Router(config-if)#int fa 0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#int se 0/0/0
Router(config-if)#no shutdown
Router(config-if)#int se 0/0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#ip address 192.168.20.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#int se 0/0/0
Router(config-if)#no shutdown
Router(config-if)#
Router(config-if)#exit
Router(config)#
Router(config)#exit
Router>enable
Router#conf t
Router(config)#router rip
Router(config-router)#network 192.168.10.0
Router(config-router)#network 192.168.20.0
Router(config-router)#
Router(config-router)#exit
Router(config)#exit
Router#show ip route
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, FastEthernet0/0
C 192.168.20.0/24 is directly connected, Serial0/0/0
R 192.168.30.0/24 [120/1] via 192.168.20.2, 00:00:22, Serial0/0/0
R 192.168.40.0/24 [120/1] via 192.168.20.2, 00:00:22, Serial0/0/0
R 192.168.60.0/24 [120/2] via 192.168.20.2, 00:00:22, Serial0/0/0

Router>ENABLE
Router#CONF T
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 10 deny 192.168.60.0 0.0.0.255
Router(config)#access-list 10 deny 192.168.30.3
Router(config)#access-list 10 permit any

Router(config)#int fa 0/0
Router(config-if)#ip access-group 10 out
Router(config-if)#

Router(config)#access-list 100 permit ip 192.168.60.0 0.0.0.255 host 192.168.10.3
Router(config)#access-list 100 permit ip host 192.168.30.3 host 192.168.10.2
Router(config)#access-list 100 permit ip 192.168.60.0 0.0.0.255 any
Router(config)#access-list 100 deny ip host 192.168.30.3 any
Router(config)#access-list 100 permit ip any any
Router(config)#

FOR ROUTER 1:

Router>enable

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa 0/0
Router(config-if)#ip address 192.168.30.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#no shutdown
Router(config-if)#int se 0/0/1
Router(config-if)#ip address 192.168.20.2 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#int se 0/0/1
Router(config-if)#ip address 192.168.40.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#int se 0/0/0
Router(config-if)#ip address 192.168.20.2 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#
Router(config)#int se 0/0/0
Router(config-if)#clock rate 64000
Router(config-if)#exit
Router(config)#
Router(config)#
Router>enable
Router#conf t
Router(config)#router rip
Router(config-router)#network 192.168.20.0
Router(config-router)#network 192.168.30.0
Router(config-router)#network 192.168.40.0
Router(config-router)#exit
Router(config)#
Router(config)#exit
Router#show ip route
Gateway of last resort is not set
R 192.168.10.0/24 [120/1] via 192.168.20.1, 00:00:04, Serial0/0/0
C 192.168.20.0/24 is directly connected, Serial0/0/0
C 192.168.30.0/24 is directly connected, FastEthernet0/0
C 192.168.40.0/24 is directly connected, Serial0/0/1
R 192.168.60.0/24 [120/1] via 192.168.40.2, 00:00:26, Serial0/0/1

FOR ROUTER 2:

Router>enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int se 0/0/0
Router(config-if)#ip address 192.168.40.2 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#int fa 0/0
Router(config-if)#ip address 192.168.60.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#exit
Router#enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int se 0/0/0
Router(config-if)#clock rate 64000
Router(config-if)#exit
Router(config)#exit
Router>enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router rip
Router(config-router)#network 192.168.40.0
Router(config-router)#network 192.168.60.0
Router(config-router)#exit
Router(config)#
Router(config)#exit
Router#show ip route
Gateway of last resort is not set
R 192.168.10.0/24 [120/2] via 192.168.40.1, 00:00:20, Serial0/0/0
R 192.168.20.0/24 [120/1] via 192.168.40.1, 00:00:20, Serial0/0/0
R 192.168.30.0/24 [120/1] via 192.168.40.1, 00:00:20, Serial0/0/0
C 192.168.40.0/24 is directly connected, Serial0/0/0
C 192.168.60.0/24 is directly connected, FastEthernet0/0

Step 2: Now send a message to observe whether the access control list has been successfully
implemented across the networks. The figure shows that the host is restricted from that network.

Step 3: Now, in the same network, we remove the previously configured access list using the
command no access-list 10. We then restrict the 192.168.30.0 network from the 192.168.60.0
network, while allowing access between host 192.168.60.2 and network 192.168.30.0, in the Router 1 CLI.
After that we restrict 192.168.10.4 from the 192.168.60.0 network and allow
192.168.10.4 to reach only 192.168.60.3 in that network. All commands are the same as in previous labs
up to configuring the clock; only the new access-list commands are shown below.

FOR ROUTER 0:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no access-list 10
Router(config)#exit
Router#

FOR ROUTER 2:
Router(config)#access-list 100 permit ip 192.168.30.0 0.0.0.255 host 192.168.60.2
Router(config)#access-list 100 deny ip 192.168.30.0 0.0.0.255 any
Router(config)#access-list 100 permit ip any any
Router(config)#int fa 0/0
Router(config-if)#ip access-group 100 out
Router(config-if)#exit
Router(config)#exit
Router(config)#access-list 100 permit ip host 192.168.10.4 host 192.168.60.3
Router(config)#access-list 100 deny ip host 192.168.10.4 any
Router(config)#access-list 100 permit ip any any
Router(config)#int fa 0/0
Router(config-if)#ip access-group 100 out
Router(config-if)#exit
Router(config)#exit
Router#
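
ACL entries are evaluated top-down and the first matching entry wins, with an implicit deny at the end. The following added example (not part of the original report) replays ACL 100 exactly as entered on Router 2 in Step 3 and reports which entries can never be reached; `REORDERED` and all function names are assumptions introduced here.

```python
import ipaddress

# ACL 100 as entered on Router 2 in Step 3, in the order the page shows it.
ACL_100 = [
    "access-list 100 permit ip 192.168.30.0 0.0.0.255 host 192.168.60.2",
    "access-list 100 deny ip 192.168.30.0 0.0.0.255 any",
    "access-list 100 permit ip any any",
    "access-list 100 permit ip host 192.168.10.4 host 192.168.60.3",
    "access-list 100 deny ip host 192.168.10.4 any",
    "access-list 100 permit ip any any",
]
# Assumed correction (not from the page): drop the early catch-all (entry 3).
REORDERED = ACL_100[:2] + ACL_100[3:]
MASK = 0xFFFFFFFF

def _spec(tok):
    """Consume one address spec from tok; return (base, wildcard) as ints."""
    word = tok.pop(0)
    if word == "any":
        return 0, MASK
    if word == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(lines):
    """Parse 'access-list N action ip SRC DST' lines into (action, src, dst)."""
    rules = []
    for line in lines:
        tok = line.split()
        action, rest = tok[2], tok[4:]  # tok[3] is the protocol keyword "ip"
        src = _spec(rest)
        rules.append((action, src, _spec(rest)))
    return rules

def _hit(ip, spec):
    care = ~spec[1] & MASK  # wildcard 1-bits are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (spec[0] & care)

def evaluate(rules, src, dst):
    """First match wins; falling off the end is the implicit deny (entry 0)."""
    for n, (action, s, d) in enumerate(rules, 1):
        if _hit(src, s) and _hit(dst, d):
            return action, n
    return "deny", 0

def _covers(a, b):
    """True if spec a matches every address that spec b matches."""
    return (b[1] & ~a[1] & MASK) == 0 and ((a[0] ^ b[0]) & ~a[1] & MASK) == 0

def shadowed(rules):
    """Return (entry, earlier_entry) pairs where entry can never be reached."""
    return [(i + 1, j + 1) for i, r in enumerate(rules) for j in range(i)
            if _covers(rules[j][1], r[1]) and _covers(rules[j][2], r[2])]
```

With the entries in the order typed, traffic from 192.168.10.4 to 192.168.60.2 is permitted by entry 3, so the later host-specific deny never takes effect. Dropping the early `permit ip any any` makes the same packet hit the deny entry.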

Learning Outcomes

This lab simply explains the use and implementation of access control lists. In this lab we
observed that by setting access control lists in routers the specific network or host can be
accessed or restricted from other network or host as desired. The implementation in this lab was
successful.

HOME TASK LAB 13 IS TO BE SUBMITTED AS ASSIGNMENT

End questions lab 13

Q1 What is an ACL and what are its advantages?
ACL means access control list, and its advantage is that it is used to allow or restrict
networks or hosts from accessing each other.
Q2 What is main difference between standard and extended ACL?
In a standard ACL we cannot allow or restrict a host from a network; we can only do that for an entire
network. In an extended ACL we can allow or restrict a desired host from a network.
Q3 What is the advantage of using named ACL?
They behave in exactly the same way as a standard or extended ACL, but they have a name instead of a
number.
Q4 Which command is used to verify ACL configurations?
Show access-list is used to verify ACL configurations.
-----------THE END----------
