Lab: Extended ACL
R1 with 4 LANs. Create ACL 100 to: block SSH from Sales to the server, permit HTTP/HTTPS for everyone, block ping from Guest. Apply it close to the source. Verify with ping, simulating different protocols.
Extended ACL: 4 LANs
R1 Gi0/0: 192.168.1.1/24 (Sales) - PC-Sales: .1.10
R1 Gi0/1: 192.168.2.1/24 (IT) - PC-IT: .2.10
R1 Gi0/2: 192.168.10.1/24 (Server) - SRV: .10.100
R1 Gi0/3: 10.0.0.1/24 (Guest) - PC-Guest: 10.0.0.5
Policy:
▸ Sales: NO SSH to the server, YES HTTP/HTTPS
▸ IT: everything permitted to the server
▸ Guest: NO ping to anyone, YES HTTP
▸ Extended ACL → apply close to the SOURCE
1. ACL 100: deny SSH from Sales
access-list 100 deny tcp 192.168.1.0 0.0.0.255 host 192.168.10.100 eq 22
2. ACL 100: permit HTTP + HTTPS
access-list 100 permit tcp any host 192.168.10.100 eq 80
access-list 100 permit tcp any host 192.168.10.100 eq 443
3. ACL 100: permit any any
access-list 100 permit ip any any
4. Apply ACL 100 inbound on Gi0/0
int Gi0/0 → ip access-group 100 in
Close to the source (Sales)!
5. ACL 110: block ICMP from Guest
access-list 110 deny icmp 10.0.0.0 0.0.0.255 any
access-list 110 permit ip any any
Apply inbound on Gi0/3
6. Verify and test
show access-lists
Sales: ssh .10.100 ✗, http .10.100 ✓
Guest: ping .10.100 ✗, http .10.100 ✓
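The first-match behaviour of ACL 100 and ACL 110 can be checked offline with a small evaluator. This is an added example, not part of the original lab: it handles only the syntax subset used above (`any`, `host`, wildcard masks, `eq` on the destination port), and the names `parse` and `evaluate` are assumptions.

```python
import ipaddress

# The lab's ACLs, copied from the steps above.
ACL_100 = """\
access-list 100 deny tcp 192.168.1.0 0.0.0.255 host 192.168.10.100 eq 22
access-list 100 permit tcp any host 192.168.10.100 eq 80
access-list 100 permit tcp any host 192.168.10.100 eq 443
access-list 100 permit ip any any"""
ACL_110 = """\
access-list 110 deny icmp 10.0.0.0 0.0.0.255 any
access-list 110 permit ip any any"""

def _addr(tok):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.ip_address(tok[1])), 0), tok[2:]
    return (int(ipaddress.ip_address(tok[0])), int(ipaddress.ip_address(tok[1]))), tok[2:]

def parse(text):
    """Parse the subset of extended-ACL syntax used in this lab."""
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]                    # drop 'access-list <n>'
        action, proto, tok = tok[0], tok[1], tok[2:]
        src, tok = _addr(tok)
        dst, tok = _addr(tok)
        port = int(tok[1]) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def _hit(spec, ip):
    base, wild = spec                             # wildcard bit 1 = "don't care"
    return (int(ipaddress.ip_address(ip)) ^ base) & ~wild & 0xFFFFFFFF == 0

def evaluate(rules, proto, src, dst, dport=None):
    """First match wins; no match falls through to the implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and _hit(r_src, src) and _hit(r_dst, dst)
                and (r_port is None or r_port == dport)):
            return action
    return "deny"

if __name__ == "__main__":
    a100, a110, srv = parse(ACL_100), parse(ACL_110), "192.168.10.100"
    for name, acl, pkt in [("Sales ssh", a100, ("tcp", "192.168.1.10", srv, 22)),
                           ("Sales http", a100, ("tcp", "192.168.1.10", srv, 80)),
                           ("Guest ping", a110, ("icmp", "10.0.0.5", srv))]:
        print(name, "->", evaluate(acl, *pkt))
```

Reversing the rule order, or dropping the final `permit ip any any`, changes the verdicts, which is why the specific deny goes first and the catch-all permit last.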