Acl Router A


ACL configuration


GROUP 1

1. Allow host .100 access to the HTTP service and deny all other services for this host.

Router RB
configure terminal
access-list 101 permit tcp 186.33.0.25 0.0.0.0 186.33.0.100 0.0.0.0 eq 80
access-list 101 deny ip 186.33.0.24 0.0.0.0 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.23 0.0.0.0 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.22 0.0.0.0 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.21 0.0.0.0 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.64 0.0.0.31 186.33.0.100 0.0.0.0
access-list 101 permit ip any any
interface Gig0/0
 ip access-group 101 out

2. Allow host .135 access to all services except the services of the /26 network; it is to use the POP3 server for downloading and SMTP2 for sending.

Router RC
no access-list 120 permit ip any any
access-list 101 permit tcp 186.33.0.101 0.0.0.0 186.33.0.135 0.0.0.0
access-list 101 permit tcp 186.33.0.23 0.0.0.0 186.33.0.135 0.0.0.0
access-list 101 deny ip 186.33.0.25 0.0.0.0 186.33.0.135 0.0.0.0
access-list 101 deny ip 186.33.0.26 0.0.0.0 186.33.0.135 0.0.0.0
access-list 101 deny ip 186.33.0.24 0.0.0.0 186.33.0.135 0.0.0.0
access-list 101 deny ip 186.33.0.21 0.0.0.0 186.33.0.135 0.0.0.0
access-list 101 deny ip 186.33.0.20 0.0.0.0 186.33.0.135 0.0.0.0
access-list 101 permit ip any any
interface Gig0/1
 ip access-group 101 out

GROUP 2

2. Deny host .20 the VPN service and allow access to the rest of the network.

Router RC
access-list 101 deny ip 186.33.0.161 0.0.0.0 186.33.0.20 0.0.0.0
access-list 101 deny ip 186.33.0.71 0.0.0.0 186.33.0.20 0.0.0.0
access-list 101 deny ip 0.0.0.0 0.0.0.0 186.33.0.20 0.0.0.0
access-list 101 permit ip any any
interface Gig0/0
 ip access-group 101 out

3. Allow PC .100 access to the VPN server and deny access to the rest of the network.

Router RB
no access-list 101 permit ip any any
interface Gig0/0
 no ip access-group 101 out
access-list 101 permit ip 186.33.0.161 0.0.0.0 186.33.0.100 0.0.0.0
access-list 101 permit ip 186.33.0.71 0.0.0.0 186.33.0.100 0.0.0.0
access-list 101 permit ip 0.0.0.0 0.0.0.0 186.33.0.20 0.0.0.0
access-list 101 deny ip 186.33.0.101 0.0.0.31 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.66 0.0.0.31 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.67 0.0.0.31 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.70 0.0.0.31 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.75 0.0.0.31 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.76 0.0.0.31 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.128 0.0.0.31 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.0 0.0.0.63 186.33.0.100 0.0.0.0
access-list 101 permit ip any any
interface Gig0/0
 ip access-group 101 out

STATEMENTS, GROUP #3

4. Allow host .20 and host .100 access to the VoIP service and deny access to the service for the rest of the subnets that contain the two hosts named above: (0.0)/26 and (.97)/27.

Router RB
access-list 101 permit tcp 186.33.0.66 0.0.0.0 186.33.0.100 0.0.0.0 eq 2000
access-list 101 permit tcp 186.33.0.67 0.0.0.0 186.33.0.100 0.0.0.0 eq 2000
access-list 101 deny tcp 186.33.0.66 0.0.0.0 186.33.0.101 0.0.0.0 eq 2000
access-list 101 deny tcp 186.33.0.67 0.0.0.0 186.33.0.101 0.0.0.0 eq 2000
access-list 101 permit ip any 186.33.0.100 0.0.0.0
interface Gig0/0
 ip access-group 101 out

Router RC
access-list 114 permit ip any any
interface Gig0/0
 ip access-group 114 out
access-list 101 permit tcp 186.33.0.66 0.0.0.0 186.33.0.20 0.0.0.0 eq 2000
access-list 101 permit tcp 186.33.0.67 0.0.0.0 186.33.0.20 0.0.0.0 eq 2000
access-list 101 deny tcp 186.33.0.66 0.0.0.0 186.33.0.21 0.0.0.0 eq 2000
access-list 101 deny tcp 186.33.0.67 0.0.0.0 186.33.0.21 0.0.0.0 eq 2000
access-list 101 deny tcp 186.33.0.66 0.0.0.0 186.33.0.22 0.0.0.0 eq 2000
access-list 101 deny tcp 186.33.0.67 0.0.0.0 186.33.0.22 0.0.0.0 eq 2000
access-list 101 deny tcp 186.33.0.66 0.0.0.0 186.33.0.23 0.0.0.0 eq 2000
access-list 101 deny tcp 186.33.0.67 0.0.0.0 186.33.0.23 0.0.0.0 eq 2000
access-list 101 deny tcp 186.33.0.66 0.0.0.0 186.33.0.24 0.0.0.0 eq 2000
access-list 101 deny tcp 186.33.0.67 0.0.0.0 186.33.0.24 0.0.0.0 eq 2000
access-list 101 deny tcp 186.33.0.66 0.0.0.0 186.33.0.25 0.0.0.0 eq 2000
access-list 101 deny tcp 186.33.0.67 0.0.0.0 186.33.0.25 0.0.0.0 eq 2000
access-list 101 deny tcp 186.33.0.66 0.0.0.0 186.33.0.26 0.0.0.0 eq 2000
access-list 101 deny tcp 186.33.0.67 0.0.0.0 186.33.0.26 0.0.0.0 eq 2000
access-list 101 permit ip any 186.33.0.20 0.0.0.0
interface Gig0/0
 ip access-group 101 out

5. Deny host 186.33.0.100 access to the DNS server and to host 186.33.0.69, while allowing access to the service for the rest of the network.

Router RB
access-list 101 deny tcp 186.33.0.22 0.0.0.0 186.33.0.100 0.0.0.0 eq 53
access-list 101 deny udp 186.33.0.22 0.0.0.0 186.33.0.100 0.0.0.0 eq 53
access-list 101 deny tcp 186.33.0.22 0.0.0.0 186.33.0.69 0.0.0.0 eq 53
access-list 101 deny udp 186.33.0.22 0.0.0.0 186.33.0.69 0.0.0.0 eq 53
access-list 101 permit ip any any
interface se0/0/1
 ip access-group 101 out

STATEMENTS, GROUP #4

6. Allow a percentage of the hosts on network 186.33.0.64/27 to access the SMTP1 server, and allow the remaining hosts on the same network to access the SMTP2 server.

Router RA
access-list 101 permit tcp 186.33.0.23 0.0.0.0 186.33.0.75 0.0.0.0
access-list 101 permit tcp 186.33.0.101 0.0.0.0 186.33.0.64 0.0.0.31
access-list 101 permit ip any any
interface fa0/0
 ip access-group 101 out

7. Allow a percentage of the hosts on network 186.33.0.128/27 to access the SMTP2 server, and allow the remaining hosts on the same network to access the SMTP1 server.

Router RC
access-list permit ip any any
access-list 101 permit tcp 186.33.0.101 0.0.0.0 186.33.0.128 0.0.0.31
access-list 101 permit tcp 186.33.0.23 0.0.0.0 186.33.0.128 0.0.0.31
access-list 101 permit ip any any
interface Gig0/0
 ip access-group 101 out

STATEMENTS, GROUP #5

8. Deny host 186.33.0.100/27 access to the SMTP2 service and allow the rest of the network.

Router RB *
access-list 101 deny tcp 186.33.0.101 0.0.0.0 186.33.0.100 0.0.0.0
access-list 101 deny ip any any
interface Gig0/0
 ip access-group 101 in

9. Allow the hosts on network .96 to SSH to routers A and C; the remaining hosts may not.

Router RB *
access-list 101 permit tcp 186.33.0.161 0.0.0.0 186.33.0.100 0.0.0.0
access-list 101 permit ip any 186.33.0.100 0.0.0.0
interface Gig0/0
 ip access-group 101 out

STATEMENTS, GROUP #6

10. Deny host PC2 (.69) access to the VPN and FTP services and allow the rest of the network.

Router RA
access-list 101 deny ip 186.33.0.21 0.0.0.0 186.33.0.69 0.0.0.0
access-list 101 deny ip 186.33.0.65 0.0.0.0 186.33.0.69 0.0.0.0
access-list 101 deny ip 0.0.0.0 0.0.0.0 186.33.0.69 0.0.0.0
access-list 101 permit ip any any
interface Fa0/0
 ip access-group 101 out

11. Deny host PC1 (.100) the DNS and web services, and allow access to the servers on router RC.

Router RB *
access-list 101 permit ip 186.33.0.24 0.0.0.0 186.33.0.100 0.0.0.0
access-list 101 permit ip 186.33.0.23 0.0.0.0 186.33.0.100 0.0.0.0
access-list 101 permit ip 186.33.0.21 0.0.0.0 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.22 0.0.0.0 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.25 0.0.0.0 186.33.0.100 0.0.0.0
access-list 101 permit ip any any
interface Gig0/0
 ip access-group 101 out

STATEMENTS, GROUP #7

12. Deny PC2 (any valid IP) access to the FTP server and allow the other hosts on the network to access it.

Router RA
access-list 101 deny ip 186.33.0.21 0.0.0.0 186.33.0.69 0.0.0.0
access-list 101 permit ip any any
interface Fa0/0
 ip access-group 101 out

13. Allow host .100 access to the FTP server and no access to the other services.

Router RB *
configure terminal
access-list 101 permit ip 186.33.0.21 0.0.0.0 186.33.0.100 0.0.0.0
access-list 101 permit ip any any
interface Gig0/0
 ip access-group 101 out
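
How first-match evaluation and wildcard masks apply to the exercise 3 list on Router RB, as an added example that is not part of the original document: a small Python evaluator, with helper names chosen here, run over the ACL lines copied from the page. It models only the `ip`/`tcp`/`udp` keywords, `any`, address-plus-wildcard pairs and a destination `eq` port.

```python
import ipaddress

# Exercise 3 ACL (Router RB), copied from the page. Helper names are this example's own.
EX3_ACL = """\
access-list 101 permit ip 186.33.0.161 0.0.0.0 186.33.0.100 0.0.0.0
access-list 101 permit ip 186.33.0.71 0.0.0.0 186.33.0.100 0.0.0.0
access-list 101 permit ip 0.0.0.0 0.0.0.0 186.33.0.20 0.0.0.0
access-list 101 deny ip 186.33.0.101 0.0.0.31 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.66 0.0.0.31 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.67 0.0.0.31 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.70 0.0.0.31 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.75 0.0.0.31 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.76 0.0.0.31 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.128 0.0.0.31 186.33.0.100 0.0.0.0
access-list 101 deny ip 186.33.0.0 0.0.0.63 186.33.0.100 0.0.0.0
access-list 101 permit ip any any""".splitlines()

def ip_int(s):
    return int(ipaddress.IPv4Address(s))

def parse_addr(tok):
    """Consume 'any' or 'ADDRESS WILDCARD'; return ((base, wildcard), remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    return (ip_int(tok[0]), ip_int(tok[1])), tok[2:]

def parse_ace(line):
    t = line.split()  # access-list <n> <action> <proto> <src> <dst> [eq <port>]
    src, rest = parse_addr(t[4:])
    dst, rest = parse_addr(rest)
    return t[2], t[3], src, dst, int(rest[1]) if rest[:1] == ["eq"] else None

def addr_match(spec, addr):
    base, wild = spec  # wildcard bits set to 1 are ignored in the comparison
    return (ip_int(addr) ^ base) & ~wild & 0xFFFFFFFF == 0

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry number) of the first match; no match is the implicit deny."""
    for n, line in enumerate(acl, 1):
        action, p, s, d, port = parse_ace(line)
        if (p in ("ip", proto) and addr_match(s, src) and addr_match(d, dst)
                and port in (None, dport)):
            return action, n
    return "deny", None

if __name__ == "__main__":
    for src in ("186.33.0.161", "186.33.0.110", "186.33.0.200"):
        print(src, "->", evaluate(EX3_ACL, "ip", src, "186.33.0.100"))
```

Source 186.33.0.110 is denied by entry 4 because `186.33.0.101 0.0.0.31` covers 186.33.0.96 through 186.33.0.127, while a source such as 186.33.0.200 is covered by no deny entry and falls through to the final `permit ip any any`. The pair `0.0.0.0 0.0.0.0` in entry 3 matches only the literal source address 0.0.0.0, not every host.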