Background

Lab 8.5.1 Configuring ACLs and Verifying with Console Logging

Step 1: Connect the equipment
  1. Connect the Serial 0/0/0 interface of Router 1 to the Serial 0/0/0 interface of Router 2 using a serial cable.
  2. Connect the Fa0/0 interface of Router 1 to the Fa0/1 port on Switch 1 using a straight-through cable.
  3. Connect Host 1 to the Fa0/3 port on Switch 1 using a straight-through cable.
  4. Connect Host 2 to the Fa0/2 port on Switch 1 using a straight-through cable.
  5. Connect the Discovery Server to the Fa0/0 interface of Router 2 using a crossover cable.
Step 2: Perform basic configuration on Router 1

Step 3: Perform basic configuration on Router 2

Step 4: Perform basic configuration on Switch 1

Step 5: Configure the hosts with the proper IP address, subnet mask, and default gateway
a. Configure each host with the proper IP address, subnet mask, and default gateway.
1) Host 1 should be assigned 192.168.1.5 /24 and the default gateway of 192.168.1.1.
2) Host 2 should be assigned 192.168.1.6 /24 and the default gateway of 192.168.1.1.
3) The server should be assigned 172.17.1.1 and a default gateway of 172.17.0.1.
b. Each host should be able to ping the other hosts.

Step 6: Configure and apply ACLs
ACLs will be configured to control what services Hosts 1 and 2 can access from the server.

Step 7: Reflection
  1. What is an advantage of using the logging option on an ACL versus the information provided by the show access-lists command? Answer: The logging option gives you more detailed information about what the access list is doing.
  2. What is a major concern of enabling the logging feature of an access control list? Answer: The amount of router resources that will be used to display the console messages.
  3. Would you normally log more than one line? Why or why not? Answer: the ACL and what you are trying to do with it. If there are two lines that you think are not working exactly right, you would log those two lines.
  4. If the network is not performing as expected (e.g. routing updates not occurring, name resolution not occurring) which ACL statement would you log? Answer: In this case, log the deny ip any any statement to see what packets are being blocked that should not be. It may be necessary to alter the ACL statements to accommodate this traffic.
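
As an added example (not part of the original lab), this Python script tallies the %SEC-6-IPACCESSLOGP and %SEC-6-IPACCESSLOGDP console messages that a logged deny ip any any line produces and flags denied DNS and routing traffic, the situation described in question 4. The log lines, ACL number 101 and the 10.10.10.2 address are constructed for illustration, and RIP is an assumed routing protocol.

```python
import re
from collections import Counter

# Constructed console output for illustration; not captured from the lab.
SAMPLE_LOG = """\
*Mar  1 00:12:41.303: %SEC-6-IPACCESSLOGP: list 101 denied udp 192.168.1.5(1029) -> 172.17.1.1(53), 1 packet
*Mar  1 00:12:44.119: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.168.1.6(1045) -> 172.17.1.1(23), 1 packet
*Mar  1 00:13:02.551: %SEC-6-IPACCESSLOGP: list 101 denied udp 10.10.10.2(520) -> 224.0.0.9(520), 1 packet
*Mar  1 00:17:44.120: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.168.1.6(1045) -> 172.17.1.1(23), 4 packets
*Mar  1 00:18:10.007: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.168.1.5 -> 172.17.1.1 (8/0), 2 packets
*Mar  1 00:18:30.000: %LINK-3-UPDOWN: Interface Serial0/0/0, changed state to up
"""

# TCP/UDP messages carry (port) after each address; ICMP carries (type/code).
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGD?P: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)\s?(?:\((?P<dport>[\d/]+)\))?, (?P<count>\d+) packets?"
)

# Traffic the network itself depends on (assumed set for this example).
INFRA = {("udp", "53"): "DNS name resolution", ("tcp", "53"): "DNS name resolution",
         ("udp", "520"): "RIP routing updates"}

def denied_flows(log_text):
    """Sum packet counts per (acl, proto, src, dst, dport) for denied traffic.

    The router logs the first match at once and later matches as periodic
    summaries, so counts for the same flow must be added together.
    """
    flows = Counter()
    for m in LINE_RE.finditer(log_text):
        if m["action"] == "denied":
            flows[(m["acl"], m["proto"], m["src"], m["dst"], m["dport"])] += int(m["count"])
    return flows

def infrastructure_hits(flows):
    """Return denied flows that match INFRA, as {flow: (service, packets)}."""
    return {k: (INFRA[(k[1], k[4])], n)
            for k, n in flows.items() if (k[1], k[4]) in INFRA}

if __name__ == "__main__":
    flows = denied_flows(SAMPLE_LOG)
    for flow, n in flows.most_common():
        print(n, flow)
    for flow, (service, n) in infrastructure_hits(flows).items():
        print(f"ACL {flow[0]} is blocking {service}: {flow[2]} -> {flow[3]} ({n} packets)")
```
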
